HNC Computing - Unit 5: Security Risks and Risk Management Report

Verified

Added on 2022/08/26

AI Summary

This report provides an overview of IT security risks and risk management strategies. It begins with an introduction to security systems, highlighting the importance of network security and the role of firewalls, DMZ zones, static IPs, and NAT in preventing attacks. The report then details various types of security risks, including computer viruses, rogue software, Trojan horses, adware, spyware, computer worms, DOS/DDOS attacks, phishing, rootkits, SQL injection attacks, and man-in-the-middle attacks. Each risk is described in detail, explaining its potential impact on an organization. The report further outlines organizational security procedures, such as authorization of security roles, user behavior expectations, and business continuity plans. It also discusses risk assessment methods, including asset listing, consequence identification, threat identification, vulnerability assessment, and risk treatment. Finally, the report covers the treatment for IT security risks, including risk assessment, the development of a risk management plan and strategy, and defining risk mitigation processes. The report concludes by emphasizing the importance of proactive security measures and offers insights into improving network security through various techniques. The bibliography provides a list of relevant research papers on the topic.

RISKS AND RISK
MANAGEMENT
Name of the Student
Name of the University

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INTRODUCTION
• The security system are integrated with the computer networks for
monitoring and preventing the unauthorized access, modification and
misuse of information. The security of a network can be improved by
analyzing the firewall configuration and reconfiguring it to restrict the
unauthorized user to access the network. DMZ zone can be implemented
along with the use of static IP and NAT such that different types of attacks
such as DDOS can be restricted and the performance of the network is
not affected.

TYPES OF SECURITY RISK TO AN
ORGANIZATION
• Computer virus
• Rogue security software
• Trojan horse
• Adware and spyware
• Computer worm
• DOS and DDOS attack
• Phishing
• Rootkit
• SQL Injection attack
• Man-in-the-middle attacks

SECURITY RISK DESCRIPTION
• Computer virus – It is designed for spreading between the hosts and are sent as
email attachment or downloaded from malicious websites. It have the intention to
infect the system by utilizing systems on the network.
• Rogue security software – It is malicious software used for misleading user and
believing that virus is installed or system is vulnerable. The user is offered to update
security settings that can lead to installation of malware in the computer.
• Trojan horse – It can record the password by hacking webcam or recording
keystrokes and steal sensitive data residing in the computer.
• Adware and spyware – It can consist of key logger intended for recording personal
information such as mail address, password, credit card and theft the identity.
• Computer worm – It is malware program that replicate and spread quickly with the
computers and the contacts. It is used for exploitation of software vulnerability.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SECURITY RISK DESCRIPTION
(CONTD.)
• DOS and DDOS attack – It is used for flooding website with data packet for
making it impossible to the legitimate user for accessing content.
• Phishing – It is a social engineering attack having goal to obtain sensitive
data for example username, password and credit card.
• Rootkit – multiple software tool can combine to form rootkit for enabling
remote control and access at administration level for the computer network.
After gaining the remote access multiple malicious action can be performed.
• SQL Injection attack – It is designed for targeting the data driven application
with the exploitation of vulnerability present in the application software.
• Man-in-the-middle attacks – It allows the attacker to eavesdrop the
communication between the two target by listening to the communication.

ORGANIZATION SECURITY
PROCEDURES
• Authorization of security roles and responsibility
• Setting up rules for expectation of behavior from the users and security
role players
• Setting up rules for business continuity plan
• Support for higher level in management
• Should be agreed by majority of the personnel working in the
organization

RISK ASSESSMENT METHODS
The following are the steps that are needed to be followed for risk
assessment:
• Listing the valuable assets
• Identification of potential consequence
• Threat identification with their level
• Vulnerability identification and assessment of their likelihood

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TREATMENT OF IT SECURITY
RISKS
• The following are the treatment for mitigation of security risk
• Assessment of risk
• Development of risk management plan
• Development of a strategy
• Defining risk mitigation process

CONCLUSION
• The security issues can rise due to different reason such flaws in the
network security configuration, lack of authentication and authorization,
etc. The possible security mechanism techniques that can be applied for
improving the security. A discussion is made on the firewall policy
misconfiguration impact, improvement that can be made with the
implementation of DMZ, NAT and static IP address.

BIBLIOGRAPHY
• Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep
neural network for in-vehicle network security. PloS one, 11(6), e0155781.
• Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private
communication in a public world. Pearson Education India.
• Rathore, S., Sharma, P. K., Loia, V., Jeong, Y. S., & Park, J. H. (2017). Social
network security: Issues, challenges, threats, and solutions. Information
sciences, 421, 43-69.
• Shin, S., Xu, L., Hong, S., & Gu, G. (2016, August). Enhancing network
security through software defined networking (SDN). In 2016 25th
international conference on computer communication and networks
(ICCCN) (pp. 1-9). IEEE.