Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

In-Depth Analysis of IT Security, Risk, and Security Policies

Verified

Added on 2023/06/13

AI Summary

This report provides a comprehensive assessment of IT security risks, explores security information, reviews organizational IT security mechanisms, and emphasizes the importance of organizational security. It delves into various aspects such as unauthenticated system access, unauthorized data removal, physical asset destruction, business combination strategies, backup restoration, testing procedures, and audits. The report also evaluates network security information including NAT, DMZ, firewalls, and network performance enhancements like RAID, standby systems, and dual LAN configurations. Furthermore, it discusses data security measures such as asset management, image differentiation, SAN services, data center replication, virtualization, secure transport protocols, secure MPLS routing, and remote access methods. Security vulnerabilities, log management, honeypots, and data mining algorithms are also addressed. The report concludes by highlighting mechanisms to control organizational IT security, including network change management, audit control, disaster recovery plans, and adherence to standards like the Computer Misuse Act and ISO 3001, emphasizing the responsibilities of staff and the importance of physical security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: IT SECURITY
IT SECURITY
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
IT SECURITY
Table of Contents
Introduction......................................................................................................................................4
L 01: Assess Risk to Information Technology Security..................................................................5
Risk..........................................................................................................................................5
Unauthenticated system...........................................................................................................5
Unauthorized removal or computing of data...........................................................................6
Destruction of the physical assets or environment..................................................................7
Organizational Security...............................................................................................................7
Business combination..............................................................................................................7
Backup Restoration..................................................................................................................8
Testing procedure....................................................................................................................8
Audit........................................................................................................................................8
Overview of object oriented database......................................................................................9
L 02: Security Information..............................................................................................................9
Network Security Information.....................................................................................................9
Evaluation of NAT..................................................................................................................9
Evaluation of DMZ................................................................................................................10
Evaluation of FWs.................................................................................................................10
Network Performance................................................................................................................10
RAID......................................................................................................................................10
Standby..................................................................................................................................11
Dual LAN..............................................................................................................................12
Data Security.............................................................................................................................12
Asset Management.................................................................................................................12
Image differentiation.............................................................................................................13
SAN Services.........................................................................................................................13
Data Center................................................................................................................................13
Replica Data Centre...............................................................................................................13
Virtualization.........................................................................................................................13

2
IT SECURITY
Secure transport protocol.......................................................................................................14
Secure MPLS routing............................................................................................................14
Remote access method...........................................................................................................14
Security Vulnerability................................................................................................................15
Log.........................................................................................................................................15
Honeypot................................................................................................................................15
Data mining algorithm...........................................................................................................15
L 03: Review IT security...............................................................................................................16
Mechanism to control organizational IT security......................................................................16
Network change management................................................................................................16
Audit Control.........................................................................................................................16
Disaster recovery plan...........................................................................................................16
Potential loss of data..............................................................................................................17
Intellectual property: hardware and software........................................................................17
Probability of occurrence.......................................................................................................17
Staff responsibilities..............................................................................................................18
Computer Misuse Act; ISO 3001 standards..........................................................................18
Security Regulation...................................................................................................................18
Physical security types...........................................................................................................18
Responsibility Assignment Matrix............................................................................................19
L 04: Organizational Security........................................................................................................21
Security Policies........................................................................................................................21
System Access.......................................................................................................................21
Access to internet...................................................................................................................21
Access to email......................................................................................................................21
Internet Browser....................................................................................................................22
Use of Software.....................................................................................................................22
3rd party access.......................................................................................................................22
Business Continuity...............................................................................................................23
Security Assessment..................................................................................................................23
Security policies of ISO/IEC 17799:2005 Information Technology.....................................23

3
IT SECURITY
Informing Colleagues regarding their responsibilities of security........................................24
Enterprise risk management......................................................................................................24
Recommendations......................................................................................................................24
Conclusion.....................................................................................................................................25
References......................................................................................................................................26

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
IT SECURITY
Introduction
The technology of information technology has been ever evolving since the last decade.
This evolving nature of the technology has forced many benefits for the users of the platform of
the information technology for the purpose of communication and server maintenance. With the
benefits, that the users enjoy the disadvantage of using the I formation technology comes in
disguise in terms of security and privacy of the data that are store in the data base of the
computing system that makes use of the platform of information technology (Scully, 2014). A
hefty amount of information is stored in the cumber space in today’s society. This is because
people across the globe can easily gain access to the data that are stored in the cyberspace.
Before the 20th century gathering information about a particular topic was very difficult as the
data were not present in the universal platform of the cyberspace. People used to g through
books and magazine and the history books in order to gain authenticated and authorized data
about the servers that the user wants to gain knowledge regarding a particular topic. In today’s
society the required information can be gained without performing any kind of tedious job by
just accessing the platform of information technology for the searching of the data. People can
also storing of data that are private in nature. The major issue of the cyber space lies to the point
that the platform that the cyberspace proved is not much robust in nature. This ensures the fact
that the imposters can gain access to the data that are stored in the cyberspace without any proper
kind of authentication processing of the data. The data that are stored in the platform of the
information technology ensures the fact that there are many barriers to the unauthenticated
access to the data. Despite this barriers it fails to stop the imposters to gain access to the data
which are stored in the database of the cyberspace (Szwed and Skrzyński, 2014). This acts to the
cyber crime that is caused by the cyber criminal to gain the personalized data in order to earn

5
IT SECURITY
profit from the data. Another motive that strongly affects the imposters to gain unauthenticated
access to the data of genuine clients is that the imposters can track the users of the account and
stalk the genuine user and harm eh client who has been using the data base that is dependent on
the platform of the information technology. This report will discuss about the assessment of risk
in case of information technology security. This report will also discuss about the security
solutions of the information technology system. This report will further provide a review of the
mechanism that is undergone for the organization of the information technology security. This
report will further delve unto the fact of essentiality of the organizational security in order to
keep the data of the organization protected that is stored in the platform of the Information
technology (Oltsik, 2014).
L 01: Assess Risk to Information Technology Security
Risk
Unauthenticated system
This aspect of using the computing system by the imposter that are not authorized to
them acts as the major threat to the client in the terms f security. This aspect takes into
consideration the fact that the cyber criminal gets the access of the computing system that the
genuine client has been using in order to gain the access to the data that the client has been
performing the task. The cyber criminal gains the data regarding the desired project from the
computing system of the genuine client. On gaining this unauthorized access the imposter
modulate the data that are stored in the computing system leading to the fact that the genuine
client fails to deliver the project on which the client was performing with accuracy (Fennelly,
2016). This leads to eh decreasing of the efficiency of the client. Another motive of the imposter

6
IT SECURITY
is that the cyber criminal gains the access to the data and the transfer the data to his own
computing system. This ensures the fact that the imposer can now act on behalf of the genuine
client in an unauthenticated manner and destroy the goodwill of the client. The imposter can also
make money from the data that they collect from the computing system of the clients who has
been using the platform of the data base of the information technology.
Unauthorized removal or computing of data
The imposters who has been gaining access to the computing system of the client has the
initial motive of gaining access to the data. The data that are stored in the computing system are
copied from the computing system of the genuine client. This aspect takes into consideration the
fact that imposters who are trying to gain the access of the computing system gets the access to
the computing system taking into consideration the fact that the firewall r the security measures
that are used in networking system are not up to the mark or the software that is being used is not
the latest version available n the market. This fact ensures that the data that are stored in the
computing system can be copied by the imposters and made use of the data in unauthenticated
way. This also ensures that on getting the access to the data, the imposters can also modulate the
same data in order to create a conflict among the clients and the data storage organization. The
aspect also leads to the cause that the data that are stored in the computing system are copied
from that computing system which leads to the fact that the imposter acts as the original owner
of the data (Barkley, 2016). The imposter can also dictate the terms to the authenticated owner of
the data and blackmail the client for paying huge amount of money to refrain the data from the
imposters.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
IT SECURITY
Destruction of the physical assets or environment
The major concern in the case of cyber attack is that the destruction of the data that are
stored in the database cyberspace. The data that are stored in the cyberspace are the liability of
the users as the accounting information of the genuine clients are stored in the processing of the
database of the cyberspace. The imposters make use of methods that are illegal to gain access to
the assets of the client in order to destroy the possessions of the clients. The security of the assets
are at stake due to the factor that the lack of robustness of the infrastructure of the database that
frames the cyberspace. The assets that are present in the database of the infrastructure of the
cyberspace are not as robust as the infrastructure should have been which leads to the fact that
the assets of the clients are not very well protected and the security of the physical assets of the
clients is at stake due to the increasing potentials of the imposters (Van Tilborg, and Jajodia,
2014).
Organizational Security
Business combination
The best way to make the computing system robust s by combining the business
organization against the cyber crimes that has been happening in corporate sector of the
industry. This is done by the means of the outsourcing the information technology framework
among the companies that are collaborated to sustain the cyber attack that possess threat to the
database of the organization. The data that are stored in the database of the organization after the
installation of the robust framework frame work as it helped the database to gain the robustness
of the cyberspace of the company.

8
IT SECURITY
Backup Restoration
The data that are stored in the infrastructure of the database are not always well secured
which leads to the fact that the imposters can gain access to the data and modulate the same. In
order to get rid of this problem the major technological terminology that is taken into
consideration is the processing of keeping a back up for the data (Aston, 2017). This takes into
consideration the fact that the backup methodology helps in the fact of restoring the data that gets
lost in the cyber attack that is possessed by the cyber criminals. The fact that the backup keeps
the record of the data that might get lost in the working of the data processing.
Testing procedure
The testing procedure that of the security of the database of the cyberspace is the most
important fact of the data security aspect of the organization. This aspect takes into consideration
the fact that the proper testing of the framework of the database takes into consideration the fact
that the proper testing of the database requires the proper testing of the robustness of the database
(Wang, Yu, 2016). This will ensure the fact that the data that is stored in the database of the
platform of information technology is tested to its limits in order to prevent the imposters to gain
the unauthenticated access to the system.
Audit
The auditing of the task plays a major role in the processing of the expenses that will be
required for the maintenance of the security of the database (Perlman, Kaufman and Speciner,
2016). This audit expenses that are made includes the expense of outsourcing of the
infrastructure of the database. This auditing is performed in order to perform the processing of
the data that are stored in eh database of the organization.

9
IT SECURITY
Overview of object oriented database
The ma feature acts to be the object orientation of the database. The database that is being
used for the performing the data storage of the organization takes into consideration the platform
that is built with the help of the object oriented programming language which helps in the proper
functioning of the data base of the organization (Mearsheimer, 2016). This feature ensures the
efficiency of the database is maintained with proper advancement of the infrastructural progress
in the data string of the organization. The organization takes into consideration the fact that the
data base that are built with the help of the object based programming language is more efficient
in nature. This acts to be the major reason for the database to serve the proficiency of the
organization who has been deploying the strategy.
L 02: Security Information
Network Security Information
Evaluation of NAT
NAT is abbreviated as the Network Address Translation. The main function f NAT is to
translate the IP address of the computing system to the IP address that is completely associated
with the IP address of the local networking system (Wang, Y., Fakhry, R. and Anderl, R., 2017).
The router to connect the computers with the local internet connection uses the IP address that is
generated by the local networking system. The router is not only connected to the computing
systems but also connected to the DSL modems that are associated with the networking system.
The dial-up modem also acts as one of the most fundamental appliance that is connected to the
router of the system. in case of the other networking systems trying to access the data from the
networking system that us connected to the computing system with a particular IP address the IP

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
IT SECURITY
address indicates the trial of the accessing of the networking system. The extra level of security
is added t the networking system with the help of the installation of the firewall.
Evaluation of DMZ
DMZ is abbreviated as Demilitarized Zone. This layer acts as the medieval layer between
the computing network and the intranet layer of the public networking system. This channel
sensors the act that the data that is transferred is transact-ted safely. The host of the DMZ can be
either a single host or a dual host operating system. The main purpose of the DMZ is to ensure
the fact that the access to the intranet networking from the external sites are prohibited in order
access of the external interference in the networking of the system. This is done by separating the
networking system of the intranet from the host LAN in order to maintain the security of the
database (Ahson and Ilyas, 2017).
Evaluation of FWs
FWs are abbreviated as Free Web Space of the framework of the organization. This will
ensure the fact that the website hosting is free and the advertisements are supported in the free
webs pacing of the subscribed website. This ensures the fact that the web hosting does not make
the complete usage of the advertisement that are being attached to the web hosting in order to
maintain the proficiency of the web hosting service.
Network Performance
RAID
RAID is broadly classified in five broad categories namely: -

11
IT SECURITY
 RAID 0: The main purpose of RAID 0 is to strip data across two or more drivers. The
parity is not supported in this form of the compliance. The major advantage is that this
form provides good read and write acceptance but does not support the data redundancy.
 RAID 0+1: the main purpose of RAID 1 is to mirror data from two or more drivers. The
main advantage of the RAID 1 is that it supports multiple porting of the data which leads
to the enhancement of the security of the data base (Mearsheimer, 2016).
 RAID 1+0: Is a mirrored set in a striped set. RAID 0+1 creates a striped set from a series
of mirrored drives. The main advantage of this networking system is that all the ports are
in use which accepts the fact that the efficiency of the data security increases.
 RAID 3: the main functioning is to strip the byte-level with a dedicated parity disk. This
acts to be a unique feature in this system. The major disadvantage of this system is that
the parity disk is the minor bottleneck and must be written every single time the data is
updated.
 RAID 4: the main function is the stripping of the data using the measure of the block-
level stripping attribute. This kind of system has a dedicated parity disk. The major
advantage of this system is that the access of the data is improved with the block-level
stripping (Line and Moe, 2015)
 .
Standby
Standby is a mode that acts as the procedural functioning of the computing system. This
mode keeps the computing system readily available for the functioning of the networking
system. The system can be used whenever required when the system is in standby mode by
rescuing the access to the networking system (Crampton, 2015). The shortcomings are

12
IT SECURITY
maintained due to the fact that the computing system is ever active in this mode. A system may
be on standby in case of failure, shortage or other similar events. Examples of standby include
standby power, standby machine, standby server, standby mode, standby component, standby
database and standby equipment.
Dual LAN
In case of Dual LAN the computer system is connected within the network which
provides the internet from the server. The main function of Dual LAN is that the server
connection that is made across the network and the computing system are capable of transferring
data in both the direction. This enables the sharing of the data in a much efficient way.
Data Security
Asset Management
The major advantage of the using the Asset management in the processing if ted at
security is that the data that is used in this aspect increases the efficiency if the functioning of the
operation of the product which ensures the fact that functioning of the data centers are performed
with utmost proficiency (Benson and Rahman, 2015). This aspect of Asset Management also
helps the organization to improve the productivity of the IT staffing of the product. The major
reason of the asset management is to enable the proactive layer of protection over the loss of IT
assets. This strategy also ensures the fact that the data that are stored in this platform are much
secured and the data acts as the primary asset to the organization. The cost of the data restoration
acts as the major reason of the usage of the asset management technology.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
IT SECURITY
Image differentiation
Image differentiation has been acting as technology to safeguard the data of the
organization form the imposters. This technology uses the face processing technology to allow
access to the database of the organization. This ensures the fact that only the genuine client as the
processor can access the data that is stored in the database will initially scan the face of the client
and compare with the image that has been stored in the database of the system. In as the image
matches with the reference image the data base allows the individual to get access to the
database.. in case of mismatch the data system is blocked.
SAN Services
SAN Services is abbreviated as the Storage Area Networking Service. This technology is
used for performing the business with higher flexibilities in the database of the system. The raw
storage of the data is used for the succession of the data storing capabilities. This specific
function helps the service in storing the data across a network of a computing system (Berger,
2014).
Data Center
Replica Data Centre
Data replication is a process of copying the entire data from on location of the database to
another location of the database. This technology is mainly used for the updating of the database
of the multi national organizations, who find it difficult to maintain a database in a stretch.
Virtualization
Data virtualization acts as the process that ensures the data aggregation from different
source of the system. This technology then develops the factor of the information stocking. This

14
IT SECURITY
process helps in gaining a stock of the data. This factor ensures the prospect of the virtual view
of the information (Mearsheimer, 2016). This processing ensures that the front end solutions that
enhances the virtualization of the application. The dashboards and the portals of the organization
also enjoy the feature of virtualization, which increases the proficiency of the organization.
Secure transport protocol
Secure Transport protocol provides the communication security as the client and the
application, which enhances the communication of the internet processing. This factor enables
the privacy of the documentation to be protected from the cyber criminals with the help of the
Secure Socket Layer (SSL).
Secure MPLS routing
MPLS is abbreviated as the Multi Protocol Label Switching. This switching protocol
enhances the traffic routing mechanism. This methodology helps in the processing of the telecom
network. This aspect helps the data that is related to the customer to stay separated from the data
that are used for the specification of customer data related to the direct packet related to the pre-
determined path of the networking system (Van Tilborg, and Jajodia, 2014). The security of the
Multi Protocol Level Sourcing has been acting as the major concern for the processing of the
flaws. The security of the path determines the mis configuration in the infrastructure of the
system. This mis configuration after getting analyzed is configured correctly as per the need of
the desired requirement.
Remote access method
Remote access method instills the quality of the getting access to the networking system f
the computers within a distance that lies under the range of the remote accessibility network

15
IT SECURITY
zone. This technology finds its usage in the field of the telecommuters, corporate sector for
performing the task efficiently. The secondary usage of the system is due to the processing of the
corporation networking.
Security Vulnerability
Log
The installation of the UNIX does not run in the aspect of the privacy detection
technique. Logging of the facilities and the expenses are progressed in the terminology of the
disk storage capabilities (Van Tilborg, and Jajodia, 2014). The processing time of the project will
ensure the fact that the cost that is associated with the processing time is regulated with the audit
trial method.
Honeypot
Honeypot acts as the trap for the imposters who intend on performing cyber crimes in the
duration of performing the cyber crime. The main theme of this projection is that this platform
acts as the computing system which behaves as a real time computing system but the computing
system in hand is a close networking system which is closely monitored by the cyber security
department in order to get hold of the cyber criminal.
Data mining algorithm
C4.5 is embarked as one of the best algorithm for the functioning of the data mining.
C4.5 is the algorithm that is used for the purpose of data mining with the processing of the
classifier. The classifier acts as a tool that helps in the formation of the decision tree. The
supposed database ensures the fact that the data that are accessed during the processing of the
VO2 max (Szwed and Skrzyński, 2014).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16
IT SECURITY
L 03: Review IT security
Mechanism to control organizational IT security
Network change management
Network Change management is a disciplinary act that enhances the processing of the
information technology (Perlman, Kaufman and Speciner, 2016). This methodology ensures the
fact that fact that the research that is performed by the IDC and Gartner. Network Change
Management acts as the credential replacement for the functionality of the automate changes that
are performed in the purposing of the automate change that takes place in the functionality of
the system. Another advantage of Network Change System is that it reduces networking
downtime of the process. The Network Change Process takes into consideration the fact that
having a backup of the data that are collected system acts as an advantage.
Audit Control
Audit Control is defined as the accounting of the of the process that is involved in the
functioning of the process. this process ensures the assurance of the achievement that helps in the
effective operation of the project which will increase the efficiency of the functioning. The
financial reporting and the regulations related to the auditing of the policies include the audit
Control Processing (Fennelly, 2016).
Disaster recovery plan
The disaster recovery plan is a process that ensures the fact that it helps the organization
to prevent the organization from the disaster that might approach the organization. This plan
helps the processing of finding the threats that are approaching the organization and hence helps

17
IT SECURITY
the organization to take into count the fact that might help the organization to get rid of the threat
that is being possessed.
Potential loss of data
Due to the lack of robustness in the platform of database, the data that are stored in the
framework of the database is not secured (Wang, Y., Fakhry, R. and Anderl, R., 2017). This
aspect takes into consideration the fact that the data that is stored in the database of the
infrastructure of the organization ensures the fact that security of the data that sis tired is at stake.
This causes the loss of data from the data base if the organization. The important data that are
considered to be turbulent for the functioning of the organization is stored with more security
which enables the fact that the potential loss of data is prevented.
Intellectual property: hardware and software
The hardware and the software of the organization acts as the major issue which acts as te
channel between the database and the external user (Benson and Rahman, 2015). This channel
also acts the main medium of cyber attack. The attack is progressed with the featuring of the
data, which is intended to access by the cyber criminals in order to gain the data prosecution
methodology. This access .acts t be the harmful and unauthenticated access by the imposters
which leads to stealing of the important data that are stored in the computing system.
Probability of occurrence
The occurrence of the thefts in the processing of the data storage ensues the fact that the
data storage in the data in the data base has increased immensely since the last decade. This
implies the fact that with the advantages that the organizations enjoy the organizations faces the
threat of being accessed in an unauthenticated manner. This ensures the fact that the data that is

18
IT SECURITY
stored in the database of the organization. The database of the organization suffers due to the fact
that the infrastructure lacks the robustness (Berger, 2014). This lack of robustness has increased
the probability of being accessed by the imposters have increased to a great extent of about 23%.
This increase in the processing of the cyber crime indicates the fact that the security of the data is
at stake. To decrease the probability of this unauthenticated access to the data, the infrastructure
of the database must be made more robust.
Staff responsibilities
The responsibility of the employees are to keep the software that are being used updated
to prevent the unauthenticated access of the data. This updating of the software that is performed
by the employees of the organization ensures the act that the data stored in the organization stays
protected from the data stealing or accessing by the imposters (Fennelly, 2016).
Computer Misuse Act; ISO 3001 standards
ISO is a national standard that is used for the standardized processing of the worldwide
federation. ISO 3001 acts to be the major concern for the processing of the data that is stored in
the database. The ISO 3001 is the main fact that helps in the factorization of the member body
that ensures the progress in the data security from the data base of the computing system if the
organization
Security Regulation
Physical security types
Biometrics
The biometrics have largely gained its popularization in the processing of the
multinational companies. The biometrics helps in the processing of the data that acquires the data

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19
IT SECURITY
that is related to the employee of the office. The data that are collected from the employee of the
office is stored in the database if the biometric system. In case of the functioning of the
biometric, the biometric stores the identity of the individual in the database of the biometric
(Crampton, 2015). This ensures the fact that after comparing the data that is entered by the
employee is compared with the data that is stored in the biometric data base. In case the data that
is entered by the employee matches with the data that is stored in the database of the biometric
system the employee is allowed the permission to continue with the dealings that he has been
performing.
Swipe Card
The usage of the swipe card enables the fact that the encrypted code that is present in the
card acts as the identity of the employee. The employee needs to swipe the card that is provided
to the employee by the government (Conheady and Leverett, 2014). This encrypted code is
compared by the system. In case of the encrypted code is previously stored in the system the
employee is granted the permission.
Theft prevention
Theft prevention is processed with the help of the biometric system and the card swipe
technique. This techniques are deployed n the organization. This factor leads to the security of
the organization as any unauthorized person cannot enter the office premises without the proper
authentication.
Responsibility Assignment Matrix

20
IT SECURITY
Responsibility Assignment Matrix (RAM) using the RACI Format
Task/Person
Activity hjhj
Program
manager
Project
manager
Team lead Test
manager
Project
manager
Deploymen
t manager
Solution
Architect
Triage code R C C R
Assign defects A C R
Fix code C R C A R
Scan code A C
Code: Stands For: This Person Is:
R Responsible Responsible for performing the task or creating the
document
A Accountable Accountable and has sign-off authority for the task, such
as the project manager, sponsor, technical lead
C Consult Providing expertise, advice and support to the person
responsible for the task or document and others
I Inform Informed of task progress or results, usually by the person
responsible

21
IT SECURITY
L 04: Organizational Security
Security Policies
System Access
The access to the systems of the organization deals with the fact of the gaining access to
the computing systems that are used in the processing of the functioning of the organization. This
ensures the fact that the procedural unauthenticated access to the computing systems which has a
lot of data stored which are used for the proceeding of the project. on getting the access t the
computing system of the organization the imposter can delete the important files that are stored
in the computing system leading to the fact that the proceeding of the project is put to halt
leading to the lack of progress in the project that the client was performing. This factor leads to
the decrease in the efficiency of the project (Perlman, Kaufman and Speciner, 2016).
Access to internet
The access to the internet that is used for the processing of the finding the data that are tp
be used in the processing of the completion of the project acts to be one of the major security
problem. This problem tends to be the major reason behind the piracy of data that are done due
to the unauthenticated access to the data of the task. The imposters tend to track surfing of the
data that the employee is performing (Fennelly, 2016). This enables the imposters to gain the
knowledge regarding the progress of the project.
Access to email
The access to the e mail of the employees of the organization leads to the fact that the
imposter acts on behalf of the employee and creates conflicts regarding the processing of the
email. The imposter performs conflictive jobs from the email of the employee (Benson and

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

22
IT SECURITY
Rahman, 2015). This acts as a problem for the employee of the organization. The imposter also
takes into consideration the fact that the acts that the employee is performing and track the
whereabouts of the employees of the organization.
Internet Browser
The Internet browser that are used by the employees of the organization takes into
consideration the fact that the imposters can easily track the search results of the employees of
the organization. This leads to the fact that that data that the imposters collects after the
evaluation of the surfing results. This ensures the fact that the imposter can use the data gained
from the surfing against the employee of the organization.
Use of Software
The software that is used for the functioning of the processing that is done in the
organization must be updated to its latest versions in order to gain the robustness of the
computing system. despite the installed versions of the firewall the imposters finds the loop hole
through which they get the unauthorized access to the computing system and gain the data ,
which they do not have the permission to access (Wang, Y., Fakhry, R. and Anderl, R., 2017).
The only way out to stay protected from the cyber criminals are updating the software.
3rd party access
The major concern for the employees regarding the unauthenticated access of the data is
the access of the data by the third party. This ensures the fact that the data that is present in the
database of the organization can be accessed by the 3rd party. This access tends t harm the
employee as well as the organization.

23
IT SECURITY
Business Continuity
The business continuity plan helps to ensure the fact processing of the business during the
facing of the hazard. The emergency and the disaster regarding the physical distortion leads to
the decreasing of the efficiency of the organization but BCP helps the fact in continuation of the
business management of the organization.
Security Assessment
Security policies of ISO/IEC 17799:2005 Information Technology
The security policy of ISO/IEC:2005 Information technology deals with the following
enhancements regarding the security issue: -
 Organization of information security
 Asset management
 Human resources security
 Physical and environmental security
 Communications and operations management (Line and Moe, 2015)
 Access control
 Information systems acquisition
 Development and maintenance (Wang, Fakhry and Anderl, 2017)
 Information security incident management
 Business continuity management
 Compliance

24
IT SECURITY
Informing Colleagues regarding their responsibilities of security
The employees who are not well aware of the issues that are caused by the trafficking of
the data are needed to be educated regarding the difficulties that are caused due to the
unauthorized access to the data. The knowledge f setting strong password is provided to the co
employee’s of the organization. The fact that the updating of the software helps the prevention of
the cyber attack will also be provided to the employees (Herath and Herath, 2014).
Enterprise risk management
Enterprise risk management has been acting beneficial for managing risk as it identifies
the threats that are to approach the organization. This ensures the fact that preventions are taken
to avoid the risks that are going to be faced by the organization. The enterprise risk management
also helps in identifying the methodologies that must be used in order to prevent the risks of the
organization (Rajnai, Z. and Rubóczki, E., 2015). The methodologies that are undertaken are
generally adapted from the ISO 3001 standards.
Recommendations
 The security tools that must be implemented in order to keep the data of the organization
secured includes the organization must take into consideration the fact that employees of
the organization must possess an individual profile in order to access the official portal.
This account creating factor will act like a virtual biometric device. This will filter the
entrance of the user in the official portal of an organization. Unauthorized members
cannot enter the portfolio without proper recognition (Goldstein and Frank, 2016).
 Auto update feature must be turned on for the purpose of the security of the software as
the only way to protect the database of the imposters is by keeping the software of the
database updated to its latest version.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

25
IT SECURITY
 Monitoring the resource access also acts to be beneficial for the organization as the
source indicates the origin of the database that will include the origin of the cyber attack
in case of any mishap.
 The information technology department of the organization must perform the testing of
the penetration regularly in order to perform efficient functioning of the task.
Conclusion
Therefore, from the above discussion it can be concluded that the security of the data that
are in use acts to be a major source of concern for the for the information technology
departments of the multinational organizations. This ensures the fact that the organizations have
been undertaking a lot of security measures for the processing of the prevention of cyber crime.
With the increase in usage of the digital communication processing of the major disadvantage
have been the security issue of the digital platform. Data replication and the virtualization has
been acting to be the most threatened risk that the organization is facing for using the digital
platform.

26
IT SECURITY
References
Goldstein, A. and Frank, U., 2016. Components of a multi-perspective modeling method for
designing and managing IT security systems. Information Systems and e-Business
Management, 14(1), pp.101-140.
Hof, H.J., 2015. User-centric IT security-how to design usable security mechanisms. arXiv
preprint arXiv:1506.07167.
Line, M.B. and Moe, N.B., 2015, May. Understanding collaborative challenges in it security
preparedness exercises. In IFIP International Information Security Conference (pp. 311-324).
Springer, Cham.
Simić-Draws, D., Neumann, S., Kahlert, A., Richter, P., Grimm, R., Volkamer, M. and
Roßnagel, A., 2015. Holistic and law compatible IT security evaluation: Integration of common
criteria, ISO 27001/IT-Grundschutz and KORA. In Transportation Systems and Engineering:
Concepts, Methodologies, Tools, and Applications (pp. 927-946). IGI Global.
Herath, H.S. and Herath, T.C., 2014. IT security auditing: A performance evaluation decision
model. Decision Support Systems, 57, pp.54-63.
Wang, Y., Fakhry, R. and Anderl, R., 2017. Combined secure process and data model for IT-
Security in Industrie 4.0. In Proceedings of the International MultiConference of Engineers and
Computer Scientists 2017 (pp. 846-852).
Kimwele, M.W., 2014. Information technology (IT) security in small and medium enterprises
(SMEs). In Information Systems for Small and Medium-sized Enterprises (pp. 47-64). Springer,
Berlin, Heidelberg.

27
IT SECURITY
Conheady, S. and Leverett, E., 2014. Social engineering in IT security: Tools, tactics, and
techniques. McGraw-Hill Education.
Conheady, S. and Leverett, E., 2014. Social engineering in IT security: Tools, tactics, and
techniques. McGraw-Hill Education.
Harbach, M., Fahl, S. and Smith, M., 2014, July. Who's Afraid of Which Bad Wolf? A Survey of
IT Security Risk Awareness. In Computer Security Foundations Symposium (CSF), 2014 IEEE
27th (pp. 97-110). IEEE.
Hänsch, N. and Benenson, Z., 2014, September. Specifying IT security awareness. In Database
and Expert Systems Applications (DEXA), 2014 25th International Workshop on(pp. 326-330).
IEEE.
Fennelly, L., 2016. Effective physical security. Butterworth-Heinemann.
Heathcote, G. and Otto, D. eds., 2014. Rethinking peacekeeping, gender equality and collective
security. Springer.
Heathcote, G. and Otto, D. eds., 2014. Rethinking peacekeeping, gender equality and collective
security. Springer.
Rajnai, Z. and Rubóczki, E., 2015. Moving towards cloud security. interdisciplinary description
of complex systems, 13(1), pp.9-14
Scully, T., 2014. The cyber security threat stops in the boardroom. Journal of business continuity
& emergency planning, 7(2), pp.138-148.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

28
IT SECURITY
Yu, T., Sekar, V., Seshan, S., Agarwal, Y. and Xu, C., 2015, November. Handling a trillion
(unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things.
In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 5). ACM.
Bailey, D.V., Dürmuth, M. and Paar, C., 2014. “Typing” passwords with voice recognition: How
to authenticate to Google Glass. In Proc. of the Symposium on Usable Privacy and Security.
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a
public world. Pearson Education India.
Szwed, P. and Skrzyński, P., 2014. A new lightweight method for security risk assessment based
on fuzzy cognitive maps. International Journal of Applied Mathematics and Computer
Science, 24(1), pp.213-225.
Benson, K. and Rahman, S., 2015. Security Risks in Mechanical Engineering Industries. arXiv
preprint arXiv:1512.01730.
Benson, K. and Rahman, S., 2015. Security Risks in Mechanical Engineering Industries. arXiv
preprint arXiv:1512.01730.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management,
and security. CRC press.
Kotz, D., Fu, K., Gunter, C. and Rubin, A., 2015. Security for mobile and cloud frontiers in
healthcare. Communications of the ACM, 58(8), pp.21-23.
Line, M.B., Tondel, I.A. and Jaatun, M.G., 2014, May. Information security incident
management: Planning for failure. In IT Security Incident Management & IT Forensics (IMF),
2014 Eighth International Conference on (pp. 47-61). IEEE.

29
IT SECURITY
Omeje, K., 2017. High stakes and stakeholders: Oil conflict and security in Nigeria. Routledge.
Van Tilborg, H.C. and Jajodia, S. eds., 2014. Encyclopedia of cryptography and security.
Springer Science & Business Media.
. The internet of things: A ciso and network security perspective. ESG White Paper.
AlHogail, A., 2015. Design and validation of information security culture framework. Computers
in Human Behavior, 49, pp.567-575.
Berger, T.U., 2014. Norms, Identity, and National Security. Security Studies: A Reader.
Mearsheimer, J., 2016. Defining a new security architecture for Europe that brings Russia in
from the cold. Military Review, 96(3), pp.27-31.
Ahson, S.A. and Ilyas, M., 2017. RFID handbook: applications, technology, security, and
privacy. CRC press.
Crampton, J.W., 2015. Collect it all: National security, big data and
governance. GeoJournal, 80(4), pp.519-531.
Crampton, J.W., 2015. Collect it all: National security, big data and
governance. GeoJournal, 80(4), pp.519-531.