Comprehensive Report on IT Security, Models, and Risk Management

Verified

Added on 2020/02/24

AI Summary

This report delves into the core concepts of IT security, beginning with an executive summary that outlines the topics covered. It explores the relationship between IT security and the technological landscape, providing a structural overview of current technologies and their relevance to different businesses. The report then examines various IT security models, including Access Control Lists and others, and their role in specifying and enforcing security policies. It also addresses access control mechanisms, such as authentication and authorization, which are crucial for preventing unauthorized access. Furthermore, the report discusses strategies for mitigating risks and threats, emphasizing the importance of strong login credentials, updated security features, and user awareness to combat malware and phishing attacks. The conclusion reinforces the necessity of robust security protocols to address potential problems and ensure the overall betterment of society in the digital age.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IT SECURITY
IT security
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IT SECURITY
Executive summary
The following report discusses about the main concepts of IT security and the technological
landscape model. The report further discusses about the control and models of the IT security.
The report also includes discussion about the threats and risk management process.

2IT SECURITY
Table of Contents
Introduction:....................................................................................................................................3
Discussion:.......................................................................................................................................3
IT security and technological landscape:.....................................................................................3
IT security models and Access control:.......................................................................................4
Mitigation of risks and threats involved:.....................................................................................5
Conclusion:......................................................................................................................................5
References:......................................................................................................................................6

3IT SECURITY
Introduction:
The information technology is termed as the connection that exists among the various
devices that are connected with each other. The devices may include computers, laptops, mobile
phones and other devices, which facilitate interconnection with each other.
This report discusses about the IT security and the technological landscape along with the
model of security involved. The report also includes the risk and mitigation to address the risks
involved in IT security.
Discussion:
IT security and technological landscape:
The security in information technology (IT) refers to the protection involved between the
systems of devices that are connected among each other. They also include the mitigation of the
risks involved by theft of resources from the hardware and software involved. The security in IT
consists of processes that help in control of access to the system and the protection of them.
However, the presence of accidental or deliberate malpractices can lead to deviation of the IT
security process from its security (Jaferian et al., 2014). There are presences of certain
vulnerabilities that utilize the weakness in the system and gets unauthorized access to the system.
These include the backdoor mechanism, which is used to bypass the security of the device and
get access, Denial of service (DOS) attacks that denies the service to the actual user,
eavesdropping which enables spying in networks and phishing attacks where the collection of
sensitive data such as user credentials are done.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4IT SECURITY
Technology landscape is used to provide a structure to the existing technologies. They are
made to deal with the technologies that are currently being processed. The technology landscape
is not relevant and does not provide one solution (Hagberg, 2012). It varies to different
businesses. It refers to the assessment of different businesses to reach the required goal that is
being set by the business involved. Some common examples of technology landscaping are
identification of competitors, identification of targets or evaluation of IP relates risks.
IT security models and Access control:
The information security model is a set of processes, which is used for the specification,
and enforcement of policies relating to the security of the system involved. The model is based
on the formal model, which addresses the access rights. The model is also used to address the
computation model, distributed computing or no such rights. A policy on computer security is
used to implement the IT security model (Siponen, Mahmood & Pahnila, 2014). The major
topics included in the IT security models is the Access Control List, Bell-La Padula model,
Brewer and Nash model, Biba model and also many other models that helps in identifying the
policies for implying the IT security model.
The access control refers to the check and control of access. This involves checking of
login credentials to get access to the system. In computer security, the access control involves the
process of authorization, approval in access, authentication and audit (Brucker et al., 2012). The
process involves checking the credentials of the user trying to enter the system and then provide
access to the user. This helps in reducing the unauthorized access to the system and mitigates the
risk involved. Authentication is done by checking the login credentials like passwords, biometric
scans or electronic keys.

5IT SECURITY
Mitigation of risks and threats involved:
The presence of securities in a IT system is required to address the threats and risks
involved as it can cause much difficulties in the system. This section discusses about many
processes to mitigate the risks in IT security.
The presence of strong login credentials like strong password is a best way to reduce
unauthorized access. The presence of strong security policies that involves the users involved to
get strong passwords that includes combination of various characters to help reduce the risks
involved (Zemel, 2015). The presence of updated security features is a requirement for keeping
the systems safe. The patching of security and constant updating is a need for maintaining the
security in the system involved.
Anti-virus programs are a great way to get security as it provides the ability to scan the
system for vulnerabilities present that could affect the system. It also helps in notifying the
system regarding the presence of any system viruses that are present (Wong & Brooks, 2015). In
addition, the users in a system are required to get security awareness. Most common malware
attacks occur due to the sending of phishing links that in the email of the users. By clicking the
link, the hackers are able to get the information from the infected user. The presence of training
in security is needed to address such risks.
Conclusion:
Thus, it is concluded from the report that the information security models are required for
the betterment of the society. However, the presence of certain problems can lead to deadly
impact in the system and the need for strong security protocols are required to effectively address
them.

6IT SECURITY
References:
Brucker, A. D., Hang, I., Lückemeyer, G., & Ruparel, R. (2012, June). SecureBPMN: Modeling
and enforcing access control requirements in business processes. In Proceedings of the
17th ACM symposium on Access Control Models and Technologies (pp. 123-126). ACM.
Hagberg, J. E. (2012). Being the oldest old in a shifting technology landscape. Generational use
of new media, 89-106.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014).
Heuristics for evaluating IT security management tools. Human–Computer
Interaction, 29(4), 311-350.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Wong, S., & Brooks, N. (2015). Evolving risk-based security: A review of current issues and
emerging trends impacting security screening in the aviation industry. Journal of Air
Transport Management, 48, 60-64.
Zemel, A. (2015). Adaptation, mitigation and risk: An analytic approach. Journal of Economic
Dynamics and Control, 51, 133-147.