IT Security Risk Assessment and Mitigation: A Comprehensive Report

Added on 2025/04/26
Security fundamentals
1 | P a g e
Contents
Introduction .......... 3
LO 1 .......... 4
P1 Identify types of security risks to organizations .......... 4
P2 Describe organizational security procedures .......... 6
M1 Propose a method to assess and treat IT security risks .......... 8
LO 2 .......... 9
P3 Identify the potential impact on IT security of incorrect configuration of firewall policies and third-party VPNs .......... 9
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security .......... 11
M2 Discuss three benefits to implement network monitoring systems with supporting reasons .......... 13
LO 1 & LO 2 .......... 14
D1 Investigate how a ‘trusted network’ may be part of an IT security solution .......... 14
Conclusion .......... 15
References .......... 16
Introduction
This report covers security issues that arise from an organization's use of the internet. It gives a brief discussion of security legislation, IT security procedures, solutions to technology-related matters, and the software and tools used to develop IT security procedures in the company. It also covers threats to ICT systems and security vulnerabilities, including key loggers, viruses, Trojans, intentional damage, data mining algorithms, natural damage, and so on. The report identifies the types of security risks associated with the organization and its security procedures, and proposes solutions for IT-related issues. It examines the impact on IT security of incorrectly configured third-party VPNs and firewall policies, and describes methods of improving network security by implementing static IP, a DMZ, and NAT in the network.
LO 1
P1 Identify types of security risks to organizations.
Every organization faces risks of one kind or another that may harm its business, and it encounters several IT-related problems while using the internet. The organization must abide by the legislation and legal principles that the government has imposed on the use of the internet. Internet law is referred to as cyber law, and the Internet Service Providers are the governing body that governs these laws. IT solutions, or technological solutions, are a service, a product, or a combination of both, delivered to the client by service providers with extensive knowledge of IT-related matters. The company faces several types of issues or security risks that may affect the operations, revenue, and profitability of the business. It is essential for organizations to implement IT security, as it helps prevent complications such as vulnerabilities, threats, and risks that can compromise the confidential information of the business (Abomhara, 2015).
Threats are the things that affect a company's network and IT systems. They can be grouped mainly into deliberate and accidental threats: for example, natural disasters, hi-tech crime, system malfunctions, hacking, human error, cyber terrorism, etc. Vulnerabilities are weaknesses that threats can exploit. A vulnerability exists, for instance, when there is no firewall between the internet and the web server. A firewall protects computers from unauthorized access and helps provide security against attacks. A risk is the outcome of having a vulnerability that is exploited by a threat. Risks occur when a person who intends to harm the company gains access to its confidential and private information and data. Risks can cause damage to the company and affect its growth. Unauthorized access to personal information can result in insider trading, which may diminish the company's profits. A person with unauthorized access to the company's private information can sell it to competitors for his or her personal benefit. Security risks associated with the company may include:
1) Hacking: A process in which a person with mala fide or malicious intent hacks into the confidential information of the company for some kind of benefit, including financial benefit.
2) Spyware: As the name suggests, this is software installed on the organization's computers without the user's permission, with criminal intent or to collect information for use against the users.
3) Viruses: These are the most dangerous and require protocols to prevent them. A virus is software that can damage the organization's computers for the purpose of stealing, corrupting, or detecting personal data.
4) Adware: Unwanted advertisements that appear on computer screens in order to gain access to, or retrieve, information without the knowledge of the users (Horan, 2017).
P2 Describe organizational security procedures
Organizational security procedures are the procedures used to ensure consistency in the execution and implementation of the security process and security control methods. They are the procedures used to verify that a record, an electronic signature, or a performance detects errors or changes in the data or information held in the electronic record. They help provide the organization with a security system against the various risks, threats, and so on. The organizational security procedure is established to put in place the administrative, physical, and technical safeguards that companies use to protect their data or information from unauthorized access, corruption, disclosure, or destruction. Organizational security procedures are the set of policies that an organization imposes on its business activities to protect its sensitive information or data. Organizational security procedures include:
- Only users who have been authorized by the organization to access the information may gain access to the systems.
- Users who have access are held responsible and accountable for the actions that occur in the systems.
- Viewing access, access to make changes or modifications, and access to destroy data or information in protected resources should be limited to users who have been authorized and who have a need to know the specific information (Fay, et al., 2018).
The organization shall limit access to systems or information on the basis of:
- The user's formal clearance to access the specific information.
- The sensitivity of the information held in the objects.
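The access rules above (authorized users only, accountability for actions, and access limited by clearance and need-to-know) can be expressed as a small decision routine. The following Python block is an added example and is not part of the original report; the four sensitivity levels, the sample users and records, and the rule that modify and destroy rights are granted separately rather than implied by view access are all constructed assumptions.

```python
"""Access decision based on clearance and need-to-know.

Added example, not part of the original report. Assumptions (constructed
here): four ordered sensitivity levels; a user may view a record only when
cleared to at least its sensitivity AND authorised for its category
(need-to-know); modify and destroy rights are granted per category rather
than implied by view access; every decision is written to an audit log so
that users remain accountable for actions taken on the system.
"""
from dataclasses import dataclass

LEVELS = ["public", "internal", "confidential", "restricted"]
RANK = {name: i for i, name in enumerate(LEVELS)}
ACTIONS = ("view", "modify", "destroy")


@dataclass(frozen=True)
class User:
    name: str
    clearance: str                       # one of LEVELS
    need_to_know: frozenset              # categories the user may view
    modify: frozenset = frozenset()      # categories the user may change
    destroy: frozenset = frozenset()     # categories the user may delete


@dataclass(frozen=True)
class Record:
    name: str
    sensitivity: str                     # one of LEVELS
    category: str                        # e.g. "finance", "hr"


class AccessControl:
    def __init__(self):
        self.audit = []   # (user, action, record, decision) tuples

    def decide(self, user: User, record: Record, action: str) -> bool:
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        # Clearance must be at least the record's sensitivity (no reading
        # upward), and the category must be within the user's need-to-know.
        cleared = RANK[user.clearance] >= RANK[record.sensitivity]
        known = record.category in user.need_to_know
        allowed = cleared and known
        if action == "modify":
            allowed = allowed and record.category in user.modify
        elif action == "destroy":
            allowed = allowed and record.category in user.destroy
        # Every decision, allowed or not, is recorded for accountability.
        self.audit.append((user.name, action, record.name,
                           "allow" if allowed else "deny"))
        return allowed


# Constructed sample users and records.
ALICE = User("alice", "confidential", frozenset({"finance"}),
             modify=frozenset({"finance"}))
BOB = User("bob", "restricted", frozenset({"hr"}))
PAYROLL = Record("payroll-2024", "confidential", "finance")
MERGER = Record("merger-memo", "restricted", "finance")
REVIEWS = Record("staff-reviews", "internal", "hr")


def run_sample():
    """Exercise the policy and return the audit log it produces."""
    ac = AccessControl()
    ac.decide(ALICE, PAYROLL, "view")      # allow: cleared and need-to-know
    ac.decide(ALICE, PAYROLL, "modify")    # allow: modify granted for finance
    ac.decide(ALICE, PAYROLL, "destroy")   # deny: no destroy right
    ac.decide(ALICE, MERGER, "view")       # deny: restricted > confidential
    ac.decide(BOB, MERGER, "view")         # deny: cleared, but no need-to-know
    ac.decide(BOB, REVIEWS, "view")        # allow
    return ac.audit


if __name__ == "__main__":
    for entry in run_sample():
        print(*entry)
```

The point the sample makes is that clearance alone is not enough: bob is cleared to the highest level yet is still refused the merger memo because it is outside his need-to-know, and alice cannot destroy a record she is allowed to edit. The audit list is what makes the "users are accountable" rule enforceable after the fact.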
Organizational security procedures are the basis of security functioning. They focus on an important principle: guiding behavior. An organization's security procedures provide information to individuals who are not aware that the technology or processes can help achieve the desired results of the procedures. The organization shall review the procedures regularly and update them in good time. The security procedures are important for the execution of IT security management. They set out rules for the expected behavior of users. The Board of Directors and management of the company are responsible for implementing effective procedures in the organization and for reviewing them continuously. Effective IT security procedures help prevent the transfer of relevant, private, or confidential company information from users to any unauthorized person. They protect the organization from insider trading and help secure the company's important information from people with malicious intentions. The procedures help protect important information from unauthorized use, access, modification, destruction, inspection, disclosure, recording, etc. Organizational security procedures include the classification of information security, access control, cryptography, encryption and decryption, the information security policy, the remote access policy, etc. (Hayslip, 2018).
M1 Propose a method to assess and treat IT security risks.
It is essential for the organization to assess risks of any nature in order to protect its operations. Risk assessment is a time-consuming and expensive procedure. Risk can be assessed by establishing a risk management framework that begins with identifying the risk; once identified, the risk is analyzed to determine the threats and vulnerabilities (Donnelly, 2018). The risk is then evaluated and the appropriate method is chosen to eliminate it. Trojans, for example, are a kind of virus that occurs on a computer and gives users access to the computer system and the information stored on it. The risk matrix is one method that can help determine the risks and the actions to be taken to prevent, minimize, or eliminate them. A risk matrix helps determine the impact of a specific risk on the operations and activities of the company, and helps management prioritize activities so that risks are treated effectively. The risk matrix is used to identify the types of risk involved and to develop the response for managing them. Risks can be rated as follows:
- Very High
- High
- Moderate
- Low
- Very Low
The risk rating is used to take corrective measures by prioritizing the risks rated Very High. This helps eliminate the major risks and protects the operations of the business.
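The following Python block is an added worked example of the risk-matrix method described above; it is not part of the original report. It assumes (as a constructed convention) that likelihood and impact are each scored 1 to 5, that their product is mapped onto the five rating bands the report lists, and that each band carries a treatment option; the sample risk register is constructed from the threat types named earlier in the report.

```python
"""Risk matrix: rate, prioritise and assign a treatment to each risk.

Added example, not from the original report. Scoring scale, band
thresholds, treatment text and the sample register are all constructed.
"""
from dataclasses import dataclass

# The five ratings the report lists, from least to most severe.
RATINGS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Constructed treatment option per band (avoid / mitigate / transfer / accept).
TREATMENT = {
    "Very High": "treat immediately: avoid or mitigate before the activity continues",
    "High": "mitigate under a dated action plan with a named owner",
    "Moderate": "mitigate or transfer (e.g. insurance); review quarterly",
    "Low": "accept and monitor",
    "Very Low": "accept",
}


def rate(likelihood: int, impact: int) -> str:
    """Map a likelihood x impact score (each 1..5) onto a rating band.

    Band thresholds are a constructed assumption; a real matrix is calibrated
    to the organisation's own risk appetite.
    """
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be scored 1..5")
    score = likelihood * impact
    if score >= 20:
        return "Very High"
    if score >= 12:
        return "High"
    if score >= 6:
        return "Moderate"
    if score >= 3:
        return "Low"
    return "Very Low"


@dataclass
class Risk:
    name: str
    likelihood: int
    impact: int

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def rating(self) -> str:
        return rate(self.likelihood, self.impact)


def prioritise(risks):
    """Return (name, rating, treatment) tuples, most severe risk first."""
    order = {name: i for i, name in enumerate(RATINGS)}
    ranked = sorted(risks, key=lambda r: (order[r.rating], r.score), reverse=True)
    return [(r.name, r.rating, TREATMENT[r.rating]) for r in ranked]


# Constructed sample register built from threat types the report mentions.
REGISTER = [
    Risk("Virus infection via email attachment", likelihood=4, impact=4),
    Risk("Spyware on a staff laptop", likelihood=3, impact=3),
    Risk("Natural disaster destroys the server room", likelihood=1, impact=5),
    Risk("Insider sells customer data to a competitor", likelihood=2, impact=5),
    Risk("Adware pop-ups on a kiosk PC", likelihood=3, impact=1),
]


if __name__ == "__main__":
    for name, rating, action in prioritise(REGISTER):
        print(f"{rating:9}  {name}: {action}")
```

Running it lists the virus risk first (High), then the two Moderate risks ordered by raw score, and the two Low risks last, which is exactly the priority order the report says management should work through.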
LO 2
P3 Identify the potential impact on IT security of incorrect configuration of firewall
policies and third-party VPNs.
Firewall policies are the rule sets designed to control the flow of Internet Protocol traffic to or from an electronic device or a network. They help provide security to the organization in managing its resources, and allow the blocking or permitting of network traffic types that are not otherwise specified. A firewall is hardware or software designed to control network traffic by applying policy statements that block unsanctioned access and permit accredited communications to or from an electronic device or a network. Firewall configurations are the system settings that govern the activities of the firewall appliance (Kinder, et al., 2018).
Managing the firewall configuration is integral because of the increased number of threats; firewall configuration is a vital part of network security. Common configuration issues include:
1) Not logging out of devices: Employees in the organization do not log out of their devices, which becomes a network security problem. The employee will not receive alerts of attacks and will have to pay a higher cost for the same. Hence, the company installs firewall security to identify and block unauthorized users.
2) Wide policy configuration: The firewall assists in setting up policies and procedures that allow network traffic to flow from one source to another. The organization permits users to access various applications in order to identify changing trends and the required amount of connectivity.
Addressing these helps organizations improve their security systems and eliminate the risks that arise from firewall mistakes.
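To make the impact of a wide policy configuration concrete, the following Python block models a first-match packet filter and compares a misconfigured rule set with a corrected one. It is an added example, not part of the original report or of any firewall product; the addresses, ports, rule sets and test packets are constructed, and the shadowing check is a simplified supernet comparison rather than a full rule-conflict analysis.

```python
"""First-match firewall policy evaluator with a rule-shadowing check.

Added example, not from the original report. Rules are checked top to
bottom and the first match decides; unmatched traffic falls to the default.
All addresses, ports and rules are constructed for illustration.
"""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(policy, pkt: Packet, default: str = "deny"):
    """Return (decision, index of the deciding rule; None means the default)."""
    for i, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, i
    return default, None


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` could match is already matched by `outer`."""
    return (ip_network(outer.src).supernet_of(ip_network(inner.src))
            and ip_network(outer.dst).supernet_of(ip_network(inner.dst))
            and outer.proto in ("any", inner.proto)
            and outer.dport in (None, inner.dport))


def shadowed_rules(policy):
    """Indices of rules that can never fire because an earlier rule covers them.

    A non-empty result is a strong sign of a misordered or over-broad policy.
    """
    return [j for j in range(len(policy))
            if any(covers(policy[i], policy[j]) for i in range(j))]


INTERNET = "0.0.0.0/0"
LAN = "10.0.0.0/8"
APP_SUBNET = "10.1.1.0/24"
DB_SERVER = "10.1.2.10/32"

# Misconfigured (constructed): a blanket "allow anything into the LAN" rule
# sits above the rule that was meant to restrict database access.
MISCONFIGURED = [
    Rule("allow", INTERNET, LAN, "any", None),
    Rule("allow", APP_SUBNET, DB_SERVER, "tcp", 5432),
    Rule("deny", INTERNET, DB_SERVER, "any", None),
]

# Corrected (constructed): specific allow first, explicit deny for the
# sensitive host, LAN-to-LAN traffic after that, default deny for the rest.
CORRECTED = [
    Rule("allow", APP_SUBNET, DB_SERVER, "tcp", 5432),
    Rule("deny", INTERNET, DB_SERVER, "any", None),
    Rule("allow", LAN, LAN, "any", None),
]

# Constructed test traffic (203.0.113.0/24 is a documentation range).
FROM_APP = Packet("10.1.1.5", "10.1.2.10", "tcp", 5432)
FROM_INTERNET = Packet("203.0.113.7", "10.1.2.10", "tcp", 5432)
FROM_OTHER_LAN = Packet("10.3.3.3", "10.1.2.10", "tcp", 5432)


if __name__ == "__main__":
    for name, policy in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, "shadowed rules:", shadowed_rules(policy))
        for pkt in (FROM_APP, FROM_INTERNET, FROM_OTHER_LAN):
            print(" ", pkt.src, "->", pkt.dst, evaluate(policy, pkt))
```

With the misconfigured policy the internet host reaches the database because rule 0 matches first, and `shadowed_rules` reports that rules 1 and 2 can never fire, which is how an administrator would spot the problem before an attacker does. With the corrected order only the application subnet reaches the database, and nothing is shadowed.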
A VPN, or Virtual Private Network, is a kind of pathway through which data or information is exchanged securely. It helps organizations protect their IP address, hide their physical location, avoid censorship blocks, and so on. Most organizations use VPNs to improve the security of their networks (Ikram, et al., 2016). There are mainly two types of VPN:
1) Site-to-site: This type of virtual private network runs over the worldwide network and connects the network of the entire organization. Using this type of VPN, the organization's employees can share their data or information in encrypted form with a high level of security.
2) Remote access: A type in which the organization gives clients private access to the network. Access is provided through a VPN gateway, which identifies and authenticates the user.
Hence, VPNs and firewall policies affect the IT security of the organization. Firewall policies prevent third parties from gaining unaccredited access to the company's data or information and using it for their own benefit, and help block the pathway of users with malicious intentions (Alaba, et al., 2017).
P4 Show, using an example for each, how implementing a DMZ, static IP and NAT in a
network can improve Network Security.
Network security is an important concern for every IT company and for organisations like CC College. Companies and organisations take various measures to secure the network; some of them are:
DMZ: DMZ stands for Demilitarised Zone. The function of the demilitarised zone is to provide a separate zone for the local area network without giving access to any external network or allowing a breach from outside. By using a DMZ, companies create a barrier against hackers who want access to the organisation's data. A DMZ can be designed in many ways, but normally firewalls are used to create it. A DMZ is beneficial because it allows the public internet to be used in a much more secure manner. For example, if the organisation wants to use the internet securely, it should use a DMZ rather than exposing the local area network. The use of a DMZ also allows authorisation to be given to some users so that they can access the organisation's data (Techtarget, 2018).
[Figure: DMZ diagram, not reproduced here] (Source: Techtarget, 2018)
Static IP: A static IP is a constant IP address that does not change from time to time; it remains the same as before. It is a very useful method for security reasons: because the static IP remains constant, only a person who knows the IP address can get access to it. It can also be used when a person is away from his system but needs to download a file: he simply goes to the IP address, gains access to the system, and can download the files easily. With a static IP address instead of a dynamic IP address, geolocation is more accurate. For example, if someone wants to access the system at home, a static IP address can be used. The use of a DNS server is also part of using a static IP setup for the work location (Lifewire, 2018).
NAT: NAT stands for Network Address Translation. It can be defined as the process of setting a limit on the IP addresses that can be accessed within the organisation for security purposes. The NAT method of network security is used in universities and commercial companies to create a common IP address for the organisation's systems that can be used by many systems together. For example, if a home has one router for the internet, one common IP address will allow all the systems in that home to use that router simultaneously. NAT is very useful because it allows an organisation to use many systems together under the roof of one IP address. It provides network security by hiding all the systems from external access, as the connection to the internet is not made directly to the external systems (It, 2017).
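The three measures in this section work together: many internal systems share one public address (NAT), that public address stays fixed so a service can be reliably published (static IP), and the only host that is published sits in the DMZ. The following Python block simulates this behaviour and is an added example, not part of the original report or of any router's code. The private range 192.168.1.0/24, the DMZ host 10.10.0.5, the public address 198.51.100.1 and the remote addresses are constructed (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges), and the translation logic is a simplified port-address translation rather than a complete implementation.

```python
"""NAT / port-address translation simulation with one published DMZ service.

Added example, not from the original report. Outbound connections from the
private LAN are rewritten to the router's single (static) public address and
a unique public port; inbound packets are accepted only when they belong to
an existing mapping or target the one deliberately published DMZ service.
All addresses are constructed.
"""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, lan: str, first_port: int = 40000):
        self.public_ip = public_ip          # fixed public address (static IP)
        self.lan = ip_network(lan)
        self.next_port = first_port
        self.table = {}      # public port -> (priv ip, priv port, remote ip, remote port)
        self.reverse = {}    # (priv ip, priv port, remote ip, remote port) -> public port
        self.published = {}  # public port -> (dmz ip, dmz port), static forwards

    def publish(self, public_port: int, dmz_ip: str, dmz_port: int) -> None:
        """Deliberately expose one DMZ service on the public address."""
        self.published[public_port] = (dmz_ip, dmz_port)

    def outbound(self, flow: Flow) -> Flow:
        """Rewrite a LAN-originated packet so it appears to come from the router."""
        if ip_address(flow.src_ip) not in self.lan:
            raise ValueError(f"{flow.src_ip} is not an internal address")
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        port = self.reverse.get(key)
        if port is None:                    # first packet of this connection
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Translate a packet arriving from the internet; None means drop it."""
        if flow.dst_ip != self.public_ip:
            return None
        entry = self.table.get(flow.dst_port)
        if entry is not None:
            priv_ip, priv_port, remote_ip, remote_port = entry
            # Only the remote endpoint the internal host contacted may use
            # the mapping; anyone else probing that port is dropped.
            if (flow.src_ip, flow.src_port) == (remote_ip, remote_port):
                return Flow(flow.src_ip, flow.src_port, priv_ip, priv_port)
            return None
        if flow.dst_port in self.published:
            dmz_ip, dmz_port = self.published[flow.dst_port]
            return Flow(flow.src_ip, flow.src_port, dmz_ip, dmz_port)
        return None                          # unsolicited: internal hosts stay hidden


def demo():
    """Run one outbound connection, its reply, a probe and a DMZ request."""
    router = NatRouter("198.51.100.1", "192.168.1.0/24")
    router.publish(443, "10.10.0.5", 443)   # the DMZ web server, nothing else
    out = router.outbound(Flow("192.168.1.20", 51234, "93.184.216.34", 443))
    reply = router.inbound(Flow("93.184.216.34", 443, "198.51.100.1", out.src_port))
    probe = router.inbound(Flow("203.0.113.9", 40000, "198.51.100.1", 3389))
    web = router.inbound(Flow("203.0.113.9", 40001, "198.51.100.1", 443))
    return out, reply, probe, web


if __name__ == "__main__":
    for label, flow in zip(("outbound", "reply", "probe", "dmz-web"), demo()):
        print(f"{label:9}", flow if flow else "dropped")
```

The reply to the internal host is translated back to 192.168.1.20 because it matches the mapping created on the way out, the probe to port 3389 is dropped because nothing inside ever asked for it, and the request to port 443 reaches only the DMZ host that was explicitly published. That is the "hiding all the systems from external access" property the report describes, and it only works reliably because the public address is static.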