Comprehensive Analysis of IT Security Risks and Procedures

Verified

Added on 2022/12/29

AI Summary

This report provides a detailed analysis of IT security risks, including spam, viruses, malware, and network monitoring, and examines various organizational security procedures such as administrative, technical, anti-virus, server, router, and physical procedures. It further explores the impact of incorrect configurations of firewall policies, unplanned outages, and third-party VPNs, emphasizing data breaches and connection inaccuracies. The report also highlights the benefits of implementing network-monitoring systems like DMZ for access control and network reconnaissance prevention, static IP for stability and speed, and NAT for conserving IP address space and ensuring privacy. The analysis is supported by references to relevant literature, providing a comprehensive overview of IT security management.

Security

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Types of security risks to organization
Spam
There are business mails which are most of spam which means that they are not of use or can harm the system if they are opened by anyone. It consists
various frauds and misconducts which can easily destroy the system and it's data which can be important or confidential. Therefore, it is one of the type of
security risk.
Viruses
There are various viruses which affects the system's data and even can destroy the normal working of the systems by corrupting it's operating systems and
other major losses. There are various types of viruses which attacks different fields of systems and different manner. Therefore, it is an another type of
security risk associated with IT.
Malware
It is a type of software which is especially designed and developed to destroy or damage the computer systems to it's extent. It consist trojan, worms,
spyware and many more. These are attacked through internet sources by visiting unknown or unauthorised sites. Therefore, it is considered as the type of
security risk to IT (Alshare, Lane and Lane, 2018).
Network monitoring
It consist servers which are connected to the systems and which are responsible to manage all it's clients activities. It mainly monitors network throughout
various other systems which are connected to it. This can be insecure because data travels around the network which sometimes can be private otherwise
public and anyone can use or misuse such data. This has proven a major loss to the business and can affect the business negatively. Therefore it can create
the risk to the IT security.
Other risks
Unauthorized use of a system without damage to data, Unauthorized removal or copying of data or code from a system, Damage to or
destruction of physical system assets and environment, Damage to or destruction of data or code inside or outside the system and naturally
occurring risks.

Organizational security procedures
Administrative procedures
This procedure includes various other forms like acceptable use procedures, general use and ownership, security and proprietary information and unacceptable use. These are the forms in which company
works and implement accordingly as per their needs and requirements. Therefore, such procedures are managed by the top level management of an organization.
Technical procedures
This procedure includes various other forms like information sensitivity, public information, sensitive information, transmission encryption methodology, website access to high risk information, remote
access, database storage sensitive information, password procedures and many more. These are the forms in which company works and implement accordingly as per their needs and requirements. Therefore,
such procedures are managed by the IT employees of an organization.
Anti-virus procedures
This procedure assist the company in maintaining the system secure by downloading or installing the anti virus software in the systems which are responsible to fight with viruses that can damage the
systems drastically.
Server procedures
This procedure includes various other forms like ownership and responsibilities, general configuration guidelines and monitoring. These are the forms in which company works and implement accordingly as
per their needs and requirements. Therefore, such procedures are managed by the central department of an organization (Easttom, 2019)(Haqaf and Koyuncu, 2018).
Router procedures
This procedure includes various other forms like wireless communication procedures and encryption and authentication. These are the forms in which company works and implement accordingly as per their
needs and requirements. Therefore, such procedures are managed by the networking department of an organization.
Physical procedures
This procedure includes various other forms like storage and compliance information. Therefore, such procedures are managed by the database handling department of an organization.
Others procedures
Initiate, plan, execute, monitor and control information security activities across the organization, in an effort to successfully achieve organizational security objectives, roles and
responsibilities for information security and need to consider: data, network, systems, operational impact of security breaches, web systems and wireless systems.

Impact to IT security of incorrect
configuration
Firewall policies
Compliance violations
While configuring the firewall policies, it is important to ensure that the proper rules and regulations are followed as per the laws and
ethics. And if they are not followed then it can result in misconduct and can leads to the compliance violations. Which means not
following the appropriate methods to configure that contradicts the ethics of firewall policies (Limba, Plėta, Agafonov and Damkus,
2019).
Unplanned outages
It means that if firewall is not connected or configured properly throughout the network then an organization will face huge difficulty
in connecting with it's customers and if they aren't able to communicate with the customers then it will be impossible for the business
to maintain it's stability in the market, which can cause a great loss to the company.
Third-party VPNs
Data breach
If third party VPNs are not configured properly then it can lead to the breaches especially data which is the most important part for
every every business. This cannot be taken as lightly as it seems to be. Because data breach is very serious problem through which
business can result in shutting down due to the huge losses borne by the company.
Connection inaccuracy
Third party VPNs, if not configured correctly then it can create a connection problem to the internet which is the most important
resource for any business. If internet or network connection is not proper in an organization then it can be the most difficult for the
firm to manage it's operations successfully. Therefore, it is required to configure all the networks very carefully (Loukaka and
Rahman, 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Benefits to implement network-monitoring
systems
DMZ
Enabling access control
DMZ helps the business in providing access to the users to their services through it's networking modes installed and developed in their systems. It provides more easiness and convenient
to access and control such systems to the users to enable them to access the services they are providing.
Preventing network reconnaissance
DMZ benefits the business by preventing them from useless buffering between the internet and private network because this creates the sense of huge complications between personal and
private network so therefore preventing network reconnaissance function is performed by the DMZ (Nasir, Arshah and Ab Hamid, 2017).
Static IP
Stability
Static IP helps the firm in maintaining the stability in consistency in it's IP addresses of their systems and network without any complications and easy to use methodology. This supports
the company in it's smooth operations and handling the management in an organization.
Fast speed of downloads and uploads
Static IP has a good speed and provide better network in accessing the internet by an organization. This assist the firm in maintaining the speedily access to the network so that they can
communicate to their customers in a n instant manner without any hindrances.
NAT
Conserving IP address space
There are various servers and different clients connected to them. This means they can obviously takes space in connecting large number of clients to it's servers. NAT helps the firm to
conserve IP address space in their systems therefore maintaining the sustainability in IT.
Privacy
NAT helps the firm in maintaining the privacy in it's IP address and do not share internal and external IP address with each other until and unless permission is not being received by the
authorised people (Nieles, Dempsey and Pillitteri, 2017).

References
Alshare, K.A., Lane, P.L. and Lane, M.R., 2018. Information security policy compliance: a higher education case
study. Information & Computer Security.
Easttom, C., 2019. Computer security fundamentals. Pearson IT Certification.
Haqaf, H. and Koyuncu, M., 2018. Understanding key skills for information security managers. International
Journal of Information Management, 43, pp.165-172.
Hwang, I., Kim, D., Kim, T. and Kim, S., 2017. Why not comply with information security? An empirical
approach for the causes of non-compliance. Online Information Review.
Limba, T., Plėta, T., Agafonov, K. and Damkus, M., 2019. Cyber security management model for critical
infrastructure.
Loukaka, A. and Rahman, S., 2017. Discovering new cyber protection approaches from a security professional
prospective. International Journal of Computer Networks & Communications (IJCNC) Vol, 9.
Nasir, A., Arshah, R.A. and Ab Hamid, M.R., 2017, April. Information security policy compliance behavior based
on comprehensive dimensions of information security culture: A conceptual framework. In Proceedings of
the 2017 International Conference on Information System and Data Mining (pp. 56-60).
Nieles, M., Dempsey, K. and Pillitteri, V., 2017. An introduction to information security (No. NIST Special
Publication (SP) 800-12 Rev. 1 (Draft)). National Institute of Standards and Technology.