IT Security and Risk Management Report - Course Name and Analysis
Added on 2020/02/24

Running head: IT SECURITY AND RISK MANAGEMENT
IT SECURITY AND RISK MANAGEMENT
Name of the student
Name of the university
Author note

Executive summary:
This report discusses the security issues that arise in information technology. In recent years information has been stolen or lost through the actions of attackers and malicious software, and these cyber attacks are growing in number, leaving information systems more exposed. Organizations dealing with information technology are therefore increasingly concerned about the security of customer and business information. Keeping an organization's databases secure requires current technology together with appropriate regulations and standards. The report concludes that security issues should be addressed by applying a combination of legal and regulatory requirements, recognised standards and technical controls.

Table of Contents
Introduction
An IT model for an organization
Security standards and controls, for example ISO 17799 and so on
Risk analysis and contingency planning for the organization
Analysis of IT threats, vulnerabilities and tools including social engineering
Conclusion
Recommendations
References

Introduction
In the modern world the internet has become one of the most powerful tools for business and for delivering services to the public. Online transactions and services have greatly increased the volume of data in transit. Much of that information is confidential, since it includes customers' personal details and banking details (Aldunce et al., 2015). In recent years information has been stolen or lost through the actions of attackers and malicious software, and such cyber attacks are growing in number, leaving information systems more exposed. Organizations dealing with information technology are therefore increasingly concerned about the security of customer and business information. Keeping an organization's databases secure requires current technology together with appropriate regulations and standards.
This report describes the IT model of an organization and the risks and security issues related to it. The regulations and technologies that address those issues are discussed so that the security of information can be maintained, and the possible risks, threats and vulnerabilities are analysed in order to understand the security issues facing an IT organization.
An IT model for an organization
The IT model of an organization must be designed in a planned way so that the organization can exchange information in an advanced and safe manner. In most cases the amount of information handled grows day by day as online services and transactions are introduced (Becken & Hughey, 2013), so information technology is the most important platform for any organization dealing with this situation. More importantly, organizations depend on the IT model to create attractive, well designed websites that function safely. IT organizations work continuously to ensure both the security and the fast response of their online services. The information technology platform is necessary to maintain the accessibility of data within the organization (Bianco et al., 2017), and the model is designed so that the organization can exchange service-related data with a fast response (DeAngelo & Stulz, 2015). The main components of the information technology model are the database and the security system; from the point of view of data analysis and decision making, information technology is essential to maintaining a properly managed environment.
Security standards and controls, for example ISO 17799 and so on
The number of cases of data theft and hacking is increasing day by day. In the modern world the internet has become one of the most powerful tools for business and for providing services to the public (Brindley, 2017). Online transactions and services have greatly increased the volume of data in transit, and much of it is confidential because it contains customers' personal and banking details. In recent years information has been stolen or lost through the actions of attackers and malicious software (Chance & Brooks, 2015). Such cyber attacks are increasing day by day and are making information systems more vulnerable, so organizations dealing with information technology are becoming more and more concerned about the security of customer and business information (Cole et al., 2013). To keep the organization's database secure it is important to apply the relevant laws, regulations and control standards. Some of these are discussed below.
- To prevent breaches of credit card information, the card brands require merchants and service providers to follow the Payment Card Industry Data Security Standard (PCI DSS). It is an industry standard enforced through contracts with the card brands and acquiring banks rather than a law. It forbids storing sensitive authentication data (full magnetic stripe or chip data, card verification codes and PINs) after authorization and requires the primary account number to be protected, for example by truncation, tokenization or strong encryption, wherever it is stored (Davies, 2014).
- The Federal Information Security Management Act (FISMA) is a United States law that requires federal agencies, and contractors operating information systems on their behalf, to implement and maintain an agency-wide information security program, including periodic risk assessments and testing of controls.
- The Health Insurance Portability and Accountability Act (HIPAA) is the United States law whose Security Rule requires covered entities and their business associates to protect electronic protected health information (ePHI) against loss, theft and unauthorized disclosure.
- Export controlled information is governed in the United States by the Export Administration Regulations (EAR), which cover dual-use items and technology, and by the International Traffic in Arms Regulations (ITAR), which cover defence articles and technical data. Organizations holding such information must restrict access to authorized persons and prevent its export, including electronic transfer to foreign nationals, without the required licence.
- ISO/IEC 17799 is a code of practice for information security management. ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization (Ferguson et al., 2013). The objectives outlined provide general guidance on the commonly accepted goals of information security management. The standard was renumbered ISO/IEC 27002 in 2007 and has since been revised; the control areas listed here are those of the 2005 edition. ISO/IEC 17799:2005 contains best-practice control objectives and controls in the following areas of information security management:
  security policy
  organization of information security
  asset management
  human resources security
  physical and environmental security
  communications and operations management
  access control
  information systems acquisition, development and maintenance
  information security incident management
  business continuity management
  compliance
The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment (Glendon, Clarke & McKenna, 2016). ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
Risk analysis and contingency planning for the organization
An organization dealing with information technology faces many difficulties in maintaining the security of its information. The main security issues in an organization stem from several risk factors that can damage its systems to a great extent (Heazle et al., 2013). Risk analysis is therefore one of the most important tasks of the organization's IT team. There are several types of risk that can make the system vulnerable and cause loss of data (Holt et al., 2015), and they can be classified along three axes. Risk can originate inside or outside the organization: risks that arise internally are called internal risk factors and those that arise externally are called external risk factors. Risks can also be divided by the manner of their occurrence: those created intentionally are deliberate risks and those that occur by accident are accidental risk factors (Hopkin, 2017). Finally, risks can be divided by their nature: those generated by human activity are human-made risk factors and those generated by natural and environmental disasters are environmental risk factors (Howard & Beasley, 2017). Some risk factors are given below.
- Hacking is always considered one of the main risk factors for organizations dealing with information technology. Attackers can break into a website by obtaining users' usernames and passwords, for example through brute-force or dictionary guessing, by reusing credentials leaked from other sites, or by cracking a stolen password database whose passwords were hashed weakly.
- Viruses and malware are among the highest risk factors for a computer system. When a virus spreads through the different networks of the computing system, the whole system becomes vulnerable.
- Malicious software is also used by attackers to infect the computer systems of organizations dealing with information technology (Howes et al., 2015). When untrusted links are opened and software is downloaded from the internet, the malicious software spreads through the computer system.
- Natural risks are also considered high risk factors. Earthquakes and storms can cause severe damage to computer systems.
- Sudden power loss and loss of internet connectivity are also risk factors, as they can lead to data loss from the computer system.
Contingencies, that is uncertainties, are also harmful to an organization's computing systems and databases. The main problem with uncertainties is that their causes are not known in advance. Risks can be reduced by taking the required actions, but uncertainties cannot be eliminated because neither their timing nor their form can be predicted; contingency planning therefore prepares recovery measures, such as backups, alternate power and alternate connectivity, that work whatever the cause turns out to be.
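The three-axis classification and the distinction between risks that can be prevented and uncertainties that can only be planned for can be captured in a simple risk register. The following is an added example written for this report and not code from the original; the risk entries, their likelihood and impact values and the control effectiveness figures are constructed sample data, and the 1 to 5 scales and the high/medium/low thresholds are assumptions that a real organization would set for itself.

```python
"""Risk register for the classification scheme described above.

Added illustration, not code from the original report.  The entries,
likelihood/impact values and control effectiveness figures are
constructed sample data; the 1-5 scales and the rating thresholds are
assumptions.
"""
from dataclasses import dataclass, field

SOURCES = {"internal", "external"}
INTENTS = {"deliberate", "accidental"}
NATURES = {"human-made", "environmental"}


@dataclass
class Risk:
    name: str
    source: str            # internal / external (where the risk originates)
    intent: str            # deliberate / accidental (how it occurs)
    nature: str            # human-made / environmental (what causes it)
    likelihood: int        # 1 = rare .. 5 = almost certain
    impact: int            # 1 = negligible .. 5 = severe
    # control name -> fraction of the remaining risk that control removes
    controls: dict = field(default_factory=dict)

    def __post_init__(self):
        if (self.source not in SOURCES or self.intent not in INTENTS
                or self.nature not in NATURES):
            raise ValueError(f"bad classification for {self.name!r}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"likelihood/impact out of range for {self.name!r}")

    def classification(self) -> str:
        return f"{self.source}/{self.intent}/{self.nature}"

    def inherent_score(self) -> int:
        """Risk before any control is applied."""
        return self.likelihood * self.impact

    def residual_score(self) -> float:
        """Risk left after each control removes its share of what remains."""
        remaining = 1.0
        for reduction in self.controls.values():
            remaining *= 1.0 - reduction
        return round(self.inherent_score() * remaining, 2)

    def treatment(self) -> str:
        """Deliberate risks call for preventive controls; accidental and
        environmental ones cannot be prevented, so the response is a
        contingency (recovery) plan."""
        return "prevent" if self.intent == "deliberate" else "contingency"


def rating(score: float) -> str:
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def build_sample_register() -> list:
    """Constructed sample entries covering each class named in the report."""
    return [
        Risk("Credential attack on customer web portal", "external",
             "deliberate", "human-made", 4, 5,
             {"password policy and login rate limiting": 0.5,
              "multi-factor authentication": 0.6}),
        Risk("Malware via untrusted downloads", "external", "deliberate",
             "human-made", 3, 4,
             {"endpoint anti-malware": 0.5, "application allow-listing": 0.6}),
        Risk("Employee sends customer data to wrong recipient", "internal",
             "accidental", "human-made", 4, 3,
             {"data loss prevention on outbound mail": 0.4}),
        Risk("Earthquake damages data centre", "external", "accidental",
             "environmental", 1, 5, {"off-site backups": 0.6}),
        Risk("Power loss in server room", "external", "accidental",
             "environmental", 3, 3),
    ]


def prioritise(register: list) -> list:
    """Return (name, residual score, rating, treatment), highest risk first."""
    rows = [(r.name, r.residual_score(), rating(r.residual_score()),
             r.treatment()) for r in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for name, residual, level, plan in prioritise(build_sample_register()):
        print(f"{residual:5.2f} {level:6} {plan:11} {name}")
```

Running it shows the point of the section: the credential attack has the highest inherent score (20, high) but drops to low once preventive controls are in place, whereas the uncontrolled power-loss entry, an environmental uncertainty that cannot be prevented, rises to the top of the list and is what the contingency plan has to cover.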
Analysis of IT threats, vulnerabilities and tools including social engineering
Many threats are present in an information technology system, and the main reason to make the system more advanced is to strengthen the organization's security. Threats can be divided into several categories. Threats may involve physical damage, loss of essential services, natural events, compromise of information, technical failure and compromise of functions (Kettl, 2015). The main examples of deliberate threats are espionage and illegal data processing. Threats can also be accidental, where a failure of hardware or software creates the threat. Natural events such as earthquakes and storms also pose many threats to the computing system, and incidents such as power loss and loss of internet connectivity give rise to environmental threats. Hacking is always considered one of the main risk factors for organizations dealing with information technology: attackers can break into a website by guessing, stealing or cracking users' usernames and passwords. Viruses and malware are among the highest risk factors for a computer system; when a virus spreads through the different networks of the computing system, the whole system becomes vulnerable. Malicious software is also used by attackers to infect the computer systems of organizations dealing with information technology (Lam, 2014); when untrusted links are opened and software is downloaded from the internet, the malicious software spreads through the computer system. Natural risks are also considered high risk factors, since earthquakes and storms can cause severe damage to computer systems. Sudden power loss and loss of internet connectivity are also risk factors, as they can lead to data loss from the computer system.
Social engineering is one of the biggest threats to an organization's information security. The central idea of social engineering is that people are psychologically manipulated into playing a part in data loss or a security breach. An organization's internal risk factors depend heavily on this phenomenon (Heazle et al., 2013): if employees are persuaded to introduce threats or vulnerabilities into the organization's systems, for example by revealing a password, opening a malicious attachment or approving a fraudulent request, the database is placed at high risk. Social engineering works by manipulating people's thinking about the organization's security culture. Decision making is an important factor that shapes every aspect of an organization's security (Becken & Hughey, 2013), and social engineering attacks the decision-making process itself, turning the individual into a vulnerable element of the organization.
Conclusion
From the above discussion it is concluded that information security is the most important concern of the information technology era. Online transactions and services have greatly increased the volume of data in transit, and much of it is confidential because it contains customers' personal and banking details. In recent years information has been stolen or lost through the actions of attackers and malicious software, and such cyber attacks are increasing day by day, making information systems more vulnerable. Organizations dealing with information technology are therefore becoming more and more concerned about the security of customer and business information. To keep the organization's database secure it is important to use current technologies and regulations. Several laws and a risk analysis have also been discussed in this report to give a better understanding of the security issues facing organizations dealing with information technology.
Recommendations
To overcome the security issues related to the exchange of data and the provision of online services, IT organizations should follow the recommendations below.
- Information should be encrypted to improve its security. Encryption transforms data into a form that can only be read by someone holding the corresponding decryption key, so if the key is kept from attackers the information remains confidential even when it is stolen. Data should be encrypted both in transit (for example with TLS) and at rest, and the keys must be managed separately from the data they protect.
- The data uploaded and stored should be limited to what is actually needed, so that the amount of data that can be lost in a breach is greatly reduced.
- Computer systems should run current anti-malware software and a firewall so that the system is adequately protected.
- Anti-malware signatures and firewall rules should always be kept up to date so that the system remains protected against current malicious software and viruses.
- The username and password used for each website should be strong and unique. A password should contain at least 8 characters, including letters, numerals and special characters; longer passphrases are stronger still, and passwords must never be reused across sites, since a password leaked from one site will be tried against others.
- All hardware and software should be kept up to date and maintained regularly to preserve the security of the system.
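The password recommendation above and the credential-cracking risk described in the risk analysis section are two sides of the same problem, so one added example serves both. The code below is written for this report and is not code from the original; it checks a password against the stated policy (at least 8 characters with letters, numerals and special characters, plus a check against a constructed list of common passwords), stores passwords with a salted slow hash from the Python standard library (PBKDF2-HMAC-SHA256) instead of an unsalted fast hash, and runs the same dictionary attack against both schemes. The word list, the sample passwords and the iteration count are constructed for the demonstration.

```python
"""Password policy, password storage and a dictionary attack.

Added illustration, not code from the original report.  Shows that a
predictable password is cracked however it is stored, and that a salted,
slow hash plus a strong unique password defeats the same attack.  The
word list and passwords are constructed sample data.  ITERATIONS is kept
low so the example runs quickly; OWASP recommends 600,000 iterations for
PBKDF2-HMAC-SHA256 in production.
"""
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000          # deliberately low for the demo; see docstring
MIN_LENGTH = 8                # the minimum length the report recommends
# Constructed list standing in for passwords seen in public breach dumps.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "Passw0rd!", "letmein"}


def check_password_policy(password: str) -> list:
    """Return the policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no numerals")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    if password in COMMON_PASSWORDS:
        problems.append("appears in a list of common passwords")
    return problems


def legacy_hash(password: str) -> str:
    """The weak scheme: unsalted, fast SHA-256 (what NOT to do)."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 record in the form algorithm$iterations$salt$hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algorithm!r}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many bytes match.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def crack_legacy(digest: str, wordlist: list):
    """Dictionary attack on an unsalted hash: one cheap hash per guess, and
    the same work cracks every user who chose that password."""
    for guess in wordlist:
        if legacy_hash(guess) == digest:
            return guess
    return None


def crack_record(record: str, wordlist: list):
    """Same attack on the PBKDF2 record: each guess costs ITERATIONS hashes
    and the per-user salt means the work cannot be reused across users."""
    for guess in wordlist:
        if verify_password(guess, record):
            return guess
    return None


# Constructed attacker word list.
WORDLIST = ["123456", "password", "Passw0rd!", "Summer2020!", "letmein"]

if __name__ == "__main__":
    for pw in ("password", "Summer2020!", "correct-horse-battery-staple-42"):
        print(f"{pw!r}: policy violations {check_password_policy(pw)}")
    print("legacy cracked:", crack_legacy(legacy_hash("Summer2020!"), WORDLIST))
    print("pbkdf2 cracked:", crack_record(store_password("Summer2020!"), WORDLIST))
    print("strong cracked:", crack_record(
        store_password("correct-horse-battery-staple-42"), WORDLIST))
```

Note what the run shows: "Summer2020!" satisfies the length and composition rule yet is cracked under both storage schemes because it is in the attacker's word list, which is why uniqueness and unpredictability matter more than character classes. The slow salted hash only raises the cost per guess and stops one cracked hash from unlocking every account with the same password; it does not rescue a password the attacker can guess.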