Assessing IT Security and Risk Management for ABC University
VerifiedAdded on 2023/01/04
|25
|7497
|68
Report
AI Summary
This report provides a comprehensive analysis of IT security and risk management within the context of ABC University, focusing on the implementation of an Information Security Management System (ISMS). The report defines the university's operations, personnel roles, IT infrastructure, and stakeholders, highlighting the interconnectedness of various departments and the significance of a centralized database. It identifies key assets protected by the ISMS, including hardware, software, and services, along with their valuation. The report also examines potential threats and exposures, including those related to data security, and proposes strategies for risk assessment and mitigation. The analysis encompasses the university's physical and IT infrastructure, as well as the roles of various stakeholders. The report also addresses the changing nature of IT security risk management, including the need for continuous evaluation and adaptation of security measures. It concludes with recommendations for a robust risk treatment plan.
Managing IT Security and Risk
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
EXECUTIVE SUMMARY
In this documentation, it has analysed about the concept of modern technology that applicable
within organization to improve their business performance and efficiency. This report is mainly
focused on the ABC University that has been implemented as ISMS (Information security
management system) technique to protect or secure different business operations. It helps to
prevent data and information. In this report it has been summarised about the University of ABC
and its operations, roles of personnel, IT infrastructure and stakeholders. Identifying the different
key asset that help to protect ISMS. Thus, it is necessary to identify risk which can occur in it so
that accordingly strategies and measures are taken.
2
In this documentation, it has analysed about the concept of modern technology that applicable
within organization to improve their business performance and efficiency. This report is mainly
focused on the ABC University that has been implemented as ISMS (Information security
management system) technique to protect or secure different business operations. It helps to
prevent data and information. In this report it has been summarised about the University of ABC
and its operations, roles of personnel, IT infrastructure and stakeholders. Identifying the different
key asset that help to protect ISMS. Thus, it is necessary to identify risk which can occur in it so
that accordingly strategies and measures are taken.
2
Contents
EXECUTIVE SUMMARY.............................................................................................................2
INTRODUCTION...........................................................................................................................4
TASKS.............................................................................................................................................4
Define the organisation and the business unit’s operations, roles of the personnel, IT and
physical infrastructure, and stakeholders.....................................................................................4
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets......................................................................6
Threats and exposures Research..................................................................................................9
CONCLUSION..............................................................................................................................23
REFERENCES..............................................................................................................................24
3
EXECUTIVE SUMMARY.............................................................................................................2
INTRODUCTION...........................................................................................................................4
TASKS.............................................................................................................................................4
Define the organisation and the business unit’s operations, roles of the personnel, IT and
physical infrastructure, and stakeholders.....................................................................................4
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets......................................................................6
Threats and exposures Research..................................................................................................9
CONCLUSION..............................................................................................................................23
REFERENCES..............................................................................................................................24
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INTRODUCTION
With advancement in technology there are many new software and tools which are
developed. so, it is necessary to prevent data and information. This is because there are many
threats which are occurring and it has led to breach of security. Due to that, data security is being
affected. Thus, it is necessary to identify risk which can occur in it so that accordingly strategies
and measures are taken (Al-Dhahri, Al-Sarti, and Abdul, 2017). For that new and advance
technology is being implemented. Moreover, technology is helpful in preventing data threats and
breach of it. By stealing confidential data, hackers are able to earn money. For every business its
privacy and security are necessary elements to be protected. Similarly, The University of ABC
is university in which a new information security management system is been installed. This is
done to prevent risk that can occur in it. Furthermore, the new system can be used to store and
manage info. It will protect key asset of university as well. ISMS is a security management
system refer to policy and procedure for managing confidential data and info. It also enables in
reducing risk and protecting data privacy and security in it.
In this report it will be discussed about The University of ABC and its operations, roles of
personnel, IT infrastructure and stakeholders. Also, it will be described about key asset that
ISMS protect. In addition, the threats and elements which has occurred is explained. Also, threats
and risk assessment as well as strategies to control it will be mentioned. The risk associated with
new technology along with strategies will be included in this report as well (Ključnikov¹,, Mura,
and Sklenár, 2019).
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and physical
infrastructure, and stakeholders
The University of ABC is a university that is operating in UK. In that there are various
departments which are being run such as management, science, biology, etc. There is a large
campus in which all these operations are interconnected with one another. Besides that, there are
various sections as well for each department like IT, help desk, administrator, etc. Therefore,
4
With advancement in technology there are many new software and tools which are
developed. so, it is necessary to prevent data and information. This is because there are many
threats which are occurring and it has led to breach of security. Due to that, data security is being
affected. Thus, it is necessary to identify risk which can occur in it so that accordingly strategies
and measures are taken (Al-Dhahri, Al-Sarti, and Abdul, 2017). For that new and advance
technology is being implemented. Moreover, technology is helpful in preventing data threats and
breach of it. By stealing confidential data, hackers are able to earn money. For every business its
privacy and security are necessary elements to be protected. Similarly, The University of ABC
is university in which a new information security management system is been installed. This is
done to prevent risk that can occur in it. Furthermore, the new system can be used to store and
manage info. It will protect key asset of university as well. ISMS is a security management
system refer to policy and procedure for managing confidential data and info. It also enables in
reducing risk and protecting data privacy and security in it.
In this report it will be discussed about The University of ABC and its operations, roles of
personnel, IT infrastructure and stakeholders. Also, it will be described about key asset that
ISMS protect. In addition, the threats and elements which has occurred is explained. Also, threats
and risk assessment as well as strategies to control it will be mentioned. The risk associated with
new technology along with strategies will be included in this report as well (Ključnikov¹,, Mura,
and Sklenár, 2019).
TASKS
Define the organisation and the business unit’s operations, roles of the personnel, IT and physical
infrastructure, and stakeholders
The University of ABC is a university that is operating in UK. In that there are various
departments which are being run such as management, science, biology, etc. There is a large
campus in which all these operations are interconnected with one another. Besides that, there are
various sections as well for each department like IT, help desk, administrator, etc. Therefore,
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
there is no centralised system within university. But data and info of all students is stored in
database that is accessible to all sections and departments. Moreover, it has been analysed that a
technical support help desk in university is established. The role is to maintain overall IT
infrastructure in university. Also, they operate with other departments as well. There are various
people who are working in university in different department and sections. It is stated that their
role and responsibility vary from one another (Proença, and Borbinha, 2018). The administrator
role is to manage all activities such as approving students details, checking it, etc. Besides that,
in technical support IT expert role is to monitor overall IT systems and equipment, maintain it,
installation, checking, etc. The IT manager control and take report from IT expert regarding IT
section.
The IT infrastructure in university is not so advance enough. It is evaluated that there is
one central database where all students data is stored. Also, there is central server through which
all other departments server is connected. Each department is having its own server.
Furthermore, entire university is connected via LAN. There is also communication system
installed that is followed by The University of ABC . The IT infrastructure consists of building,
computer systems, printer, fax machine, etc that are connected to server. Additionally, physical
infra of university is campus, inverter, A/c, and other facilities. Thus, these all are entire infra of
university.
It has been stated that there are various stakeholders of university which can impact on its
operation and implementation of ISMS. These stakeholders need to be involved in decision
making and their needs must be identified. So, they are identified as below:
Students- they are main stakeholder of university that take admission in it. Also, they are those
whose data and info is stored in database. Alongside, student use systems and other IT software
tools and equipment (Stewart, and Jürjens, 2017).
Government- The government is stakeholder as they form rules and regulations that is applied
and followed by university. Other than this, they are responsible for controlling and monitoring
university as well. Here, both local and state government monitor and control university
5
database that is accessible to all sections and departments. Moreover, it has been analysed that a
technical support help desk in university is established. The role is to maintain overall IT
infrastructure in university. Also, they operate with other departments as well. There are various
people who are working in university in different department and sections. It is stated that their
role and responsibility vary from one another (Proença, and Borbinha, 2018). The administrator
role is to manage all activities such as approving students details, checking it, etc. Besides that,
in technical support IT expert role is to monitor overall IT systems and equipment, maintain it,
installation, checking, etc. The IT manager control and take report from IT expert regarding IT
section.
The IT infrastructure in university is not so advance enough. It is evaluated that there is
one central database where all students data is stored. Also, there is central server through which
all other departments server is connected. Each department is having its own server.
Furthermore, entire university is connected via LAN. There is also communication system
installed that is followed by The University of ABC . The IT infrastructure consists of building,
computer systems, printer, fax machine, etc that are connected to server. Additionally, physical
infra of university is campus, inverter, A/c, and other facilities. Thus, these all are entire infra of
university.
It has been stated that there are various stakeholders of university which can impact on its
operation and implementation of ISMS. These stakeholders need to be involved in decision
making and their needs must be identified. So, they are identified as below:
Students- they are main stakeholder of university that take admission in it. Also, they are those
whose data and info is stored in database. Alongside, student use systems and other IT software
tools and equipment (Stewart, and Jürjens, 2017).
Government- The government is stakeholder as they form rules and regulations that is applied
and followed by university. Other than this, they are responsible for controlling and monitoring
university as well. Here, both local and state government monitor and control university
5
operations. The installation of ISMS has to be in accordance with government policies and
guidelines.
Professors- They are teachers, lecturers, etc. who teaches students within university. They play
vital role in it as teachers uses IT infrastructure and systems in it. Apart from it, professors also
get involved in decision making. Moreover, in implementing of ISMS they will play important
role.
Trustee- These stakeholders provide or donate fund to university for its operations. The trustee
also allocates resources and capital to university. Furthermore, there is high impact of operations
on university by them. However, for implementing ISMS they provide funds.
Suppliers and vendors- They are the stakeholder that provide tools and equipment to university.
There is high impact on them with implementation of ISMS. The vendors are directly liked to
university. It is important to select right suppliers so that high quality materials are purchased
from them.
ISMS is a security management system refer to policy and procedure for managing
confidential data and info. It also enables in reducing risk and protecting data privacy and
security in it. Here, risk assessment is done to find out various risk which can occur and
strategies to reduce it. By implementing this it helps in proper and effective storing of data and
info. Furthermore, all policy and procedure will be followed in storing of info. (Stewart, and
Jürjens, 2017).
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets.
The University of ABC that are endeavouring to implement an information security management
system. It has been already to attempt to determine all essential key assets. There are various
kind of assets register in place and consider an idea of ISMS. Furthermore, there are different
kind of key assets applicable in the information security management system (ISMS) in the
organization (Kotenko, Fedorchenko and Doynikov, 2020). It involves information assets,
6
guidelines.
Professors- They are teachers, lecturers, etc. who teaches students within university. They play
vital role in it as teachers uses IT infrastructure and systems in it. Apart from it, professors also
get involved in decision making. Moreover, in implementing of ISMS they will play important
role.
Trustee- These stakeholders provide or donate fund to university for its operations. The trustee
also allocates resources and capital to university. Furthermore, there is high impact of operations
on university by them. However, for implementing ISMS they provide funds.
Suppliers and vendors- They are the stakeholder that provide tools and equipment to university.
There is high impact on them with implementation of ISMS. The vendors are directly liked to
university. It is important to select right suppliers so that high quality materials are purchased
from them.
ISMS is a security management system refer to policy and procedure for managing
confidential data and info. It also enables in reducing risk and protecting data privacy and
security in it. Here, risk assessment is done to find out various risk which can occur and
strategies to reduce it. By implementing this it helps in proper and effective storing of data and
info. Furthermore, all policy and procedure will be followed in storing of info. (Stewart, and
Jürjens, 2017).
Define the key assets that ISMS (Information security management system) protect within
proposed business and provide valuation of assets.
The University of ABC that are endeavouring to implement an information security management
system. It has been already to attempt to determine all essential key assets. There are various
kind of assets register in place and consider an idea of ISMS. Furthermore, there are different
kind of key assets applicable in the information security management system (ISMS) in the
organization (Kotenko, Fedorchenko and Doynikov, 2020). It involves information assets,
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
supporting assets like hardware, people, buildings, software. Moreover, it also considered
intangible assets such as brand and reputation.
A common method or technique of identifying assets and then perform appropriate suitable
activities. Usually, a produce list of assets such as presented by manager of university ABC.
However, governance perspective there is primary responsibility of information security to
ensure that manager have improved their own understanding towards information assets. Various
assets relevance within a corporate governance structure to manage or control all essential assets
in proper manner.
In ABC University, A version of information security standard has been introduced as
distinct change to ISO 27001 requirements which now expect all information assets to be
consider rather than other physical assets (Brunner, Mussmann and Breu, 2019). Basically, it
including the value of enterprise where information about student, staff members are stored,
processed and accessible through information system. in some situation, information is consider
as real interest, less so network and other device, although clearly defining the assets.
Physical assets are basically associated with entire IT infrastructure and its processing:
Hardware- typically, it including IT servers, workstation, mobile devices and other kind
of network equipment’s. These are consider as useful that help to establish connection
with another network. In order to share an information from one device to another but it
is important to manage or control security aspects otherwise, it will increase a complex
situation of engineer to handle network connection through assets.
Software- It is another kind of asset which mainly purchased by ABC university.
Sometimes, it would upgrade their information system because it can utilise to improve
security and privacy. Software assets are considered the important role played within
ISMS (Information security Management system), providing the better way to increase
overall performance and efficiency of operational task.
Services- The actual server provided by end users through database system, e-mail etc. In
ABC University, higher authority will use different medium to interact with students,
7
intangible assets such as brand and reputation.
A common method or technique of identifying assets and then perform appropriate suitable
activities. Usually, a produce list of assets such as presented by manager of university ABC.
However, governance perspective there is primary responsibility of information security to
ensure that manager have improved their own understanding towards information assets. Various
assets relevance within a corporate governance structure to manage or control all essential assets
in proper manner.
In ABC University, A version of information security standard has been introduced as
distinct change to ISO 27001 requirements which now expect all information assets to be
consider rather than other physical assets (Brunner, Mussmann and Breu, 2019). Basically, it
including the value of enterprise where information about student, staff members are stored,
processed and accessible through information system. in some situation, information is consider
as real interest, less so network and other device, although clearly defining the assets.
Physical assets are basically associated with entire IT infrastructure and its processing:
Hardware- typically, it including IT servers, workstation, mobile devices and other kind
of network equipment’s. These are consider as useful that help to establish connection
with another network. In order to share an information from one device to another but it
is important to manage or control security aspects otherwise, it will increase a complex
situation of engineer to handle network connection through assets.
Software- It is another kind of asset which mainly purchased by ABC university.
Sometimes, it would upgrade their information system because it can utilise to improve
security and privacy. Software assets are considered the important role played within
ISMS (Information security Management system), providing the better way to increase
overall performance and efficiency of operational task.
Services- The actual server provided by end users through database system, e-mail etc. In
ABC University, higher authority will use different medium to interact with students,
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
staff members regarding improvement of IT infrastructure. Thus, it help for collecting or
gathering large amount information or data. Service may be website, providing the better
views of users where they can easily access information. Afterwards, it is also identifying
the availability of information. For campus ISMS, it is an essential part of university to
maintain the security or privacy within their information system. Therefore, each and
every users can accessible multiple services in order share information from other
devices.
Any kind of asset can be established the grouping together in logical manner. Sometimes, it
would be considered all essential factors such as classification, information type and other
financial or non-financial values.
Within ABC University, ISMS must use to protect or secure of entire proposed business
unit and provide the better valuation of assets. As earlier mention the different assets that have
performed the specific role in which support for business in long term. It ensure that adequate
security protection throughout enterprise without any kind of accurate IT asset inventory to
validate as well as verify (Foege, Lauritzen and Salge, 2019). In this way, ABC University has
been conducting in the management program as fundamental to manage or control information
risks, threats more effectively.
Where Information assets and physical assets are considered ISMS scope, risks must be
assessed of any kind of loss or degradation occurs within information system. There are certain
responsibility of assets.
Inventory of assets
All IT hardware devices that are purchased by university, running or managing by
administrator. In order to monitor or track all activities. But certain level, it may show as out of
scope within ISMS. Different type of information related to students, staff members which may
be classified as special category under protection regulation. ISMS (Information security
management system) have been protected the sensitive information or data because of valuable
assets. As already identified the different essential assets that need to be handled accordance with
8
gathering large amount information or data. Service may be website, providing the better
views of users where they can easily access information. Afterwards, it is also identifying
the availability of information. For campus ISMS, it is an essential part of university to
maintain the security or privacy within their information system. Therefore, each and
every users can accessible multiple services in order share information from other
devices.
Any kind of asset can be established the grouping together in logical manner. Sometimes, it
would be considered all essential factors such as classification, information type and other
financial or non-financial values.
Within ABC University, ISMS must use to protect or secure of entire proposed business
unit and provide the better valuation of assets. As earlier mention the different assets that have
performed the specific role in which support for business in long term. It ensure that adequate
security protection throughout enterprise without any kind of accurate IT asset inventory to
validate as well as verify (Foege, Lauritzen and Salge, 2019). In this way, ABC University has
been conducting in the management program as fundamental to manage or control information
risks, threats more effectively.
Where Information assets and physical assets are considered ISMS scope, risks must be
assessed of any kind of loss or degradation occurs within information system. There are certain
responsibility of assets.
Inventory of assets
All IT hardware devices that are purchased by university, running or managing by
administrator. In order to monitor or track all activities. But certain level, it may show as out of
scope within ISMS. Different type of information related to students, staff members which may
be classified as special category under protection regulation. ISMS (Information security
management system) have been protected the sensitive information or data because of valuable
assets. As already identified the different essential assets that need to be handled accordance with
8
risk identification. Sometimes, it can be defined the risk-based services and classified to store
within information system. This will provide the better security and privacy to store information
in proper manner.
Threats and exposures Research
According to case study, The University Campus of ABC focus on the wide variety of
information exits and deployed within campus. Different type of information may be stored,
maintained and communicated in different ways. Traditionally, ABC University much is in hard
copy i.e. paper format (Colicchia Creazza and Menachof, 2019). It might be including all reports,
records and so on. With development and distribution of ubiquitous PC as great deal of
information which has been migrated from ledgers onto hard disks of computers.
If a campus is to consider, in broad terms, various kind of data or information stored within
university campus. In ABC University, Information security management system (ISMS) has
been adopted by university to improve its overall performance and efficiency. There are
particularity of campus network, security threats which are produced in both internal as well as
external causes.
Network security is continually becoming a particular area of tremendous focus on ABC
university campus of all sizes. There are various type of network security threats arise with
information system. It must require to maintain continuous protection of their entire network
systems, software.
Malware or Ransomware- the ABC university campus has fallen due to the ransomware
attacks every 20 seconds. These are growing more than 300% annually within internet of things
attacks increasing by 212% years. The Massive increase in this type of attacks was triggered by
development of cryptocurrencies such as Bitcoin, which allows for hackers to increase demand
of random anonymously (Kavallieratos and Katsikas, 2020). These are sophisticated attacks
starts by infecting secure database systems, threatening deletion or corruption of files. This type
of Malware or Ransomware will directly affecting on the information system in context of
security or privacy aspect.
9
within information system. This will provide the better security and privacy to store information
in proper manner.
Threats and exposures Research
According to case study, The University Campus of ABC focus on the wide variety of
information exits and deployed within campus. Different type of information may be stored,
maintained and communicated in different ways. Traditionally, ABC University much is in hard
copy i.e. paper format (Colicchia Creazza and Menachof, 2019). It might be including all reports,
records and so on. With development and distribution of ubiquitous PC as great deal of
information which has been migrated from ledgers onto hard disks of computers.
If a campus is to consider, in broad terms, various kind of data or information stored within
university campus. In ABC University, Information security management system (ISMS) has
been adopted by university to improve its overall performance and efficiency. There are
particularity of campus network, security threats which are produced in both internal as well as
external causes.
Network security is continually becoming a particular area of tremendous focus on ABC
university campus of all sizes. There are various type of network security threats arise with
information system. It must require to maintain continuous protection of their entire network
systems, software.
Malware or Ransomware- the ABC university campus has fallen due to the ransomware
attacks every 20 seconds. These are growing more than 300% annually within internet of things
attacks increasing by 212% years. The Massive increase in this type of attacks was triggered by
development of cryptocurrencies such as Bitcoin, which allows for hackers to increase demand
of random anonymously (Kavallieratos and Katsikas, 2020). These are sophisticated attacks
starts by infecting secure database systems, threatening deletion or corruption of files. This type
of Malware or Ransomware will directly affecting on the information system in context of
security or privacy aspect.
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Distributed Denial of service attack (DDos) - This type of threat is overwhelming hosted
servers which causes them to become as inoperable. In order to increase the task of cyber-attack.
According to study, 33% of enterprise fall down because of denial of service attack. This can be
generated as disastrous for ABC university campus that make their transaction online.
Potentially, it causes of million dollars in lost revenue of business every day. There is likely that
not of potential thousands of hardware being used for DDos, actually belong to the attacker.
Instead of assume as compromised computers that are added to attack campus network by
distributed and malware across the global world.
Internal security threats
The weak sense of confidentiality, which has been increased unauthorised access to internal
used through campus network. It is one of the important aspect to maintain the network security
threats, the most likely to cause leakage with system resources. Additionally, campus net worm
is the simple to save time, naming of computer which often named after the name of department,
computer administrator does not make any kind of modifications (Longley, 2019). At certain
level, the attacker open the door so that unauthorised accessor can easily find the target of
interest from various intruding into confidential information. Internal users can be consider as
malicious attacks. It is another major cause of entire campus network security which become as
threatened. University focus on the local computer users, there is lack of student master even if
there level is not enough to manage or control threats.
External Security threats
Computer viruses are consider as external security threat within information security
network system. These are main reason for campus network that are facing external security
threats. Due to consider the particularity of campus network user base, Student often can
download software to use them and share all essential resources with each other. In this way, it
provide as favourable way for spreading the viruses within Information security network system.
At that time, it is important for predicating the rapid development of network where how will
directly spreading the viruses more widely manner. In additional, hackers are increasing a lot of
10
servers which causes them to become as inoperable. In order to increase the task of cyber-attack.
According to study, 33% of enterprise fall down because of denial of service attack. This can be
generated as disastrous for ABC university campus that make their transaction online.
Potentially, it causes of million dollars in lost revenue of business every day. There is likely that
not of potential thousands of hardware being used for DDos, actually belong to the attacker.
Instead of assume as compromised computers that are added to attack campus network by
distributed and malware across the global world.
Internal security threats
The weak sense of confidentiality, which has been increased unauthorised access to internal
used through campus network. It is one of the important aspect to maintain the network security
threats, the most likely to cause leakage with system resources. Additionally, campus net worm
is the simple to save time, naming of computer which often named after the name of department,
computer administrator does not make any kind of modifications (Longley, 2019). At certain
level, the attacker open the door so that unauthorised accessor can easily find the target of
interest from various intruding into confidential information. Internal users can be consider as
malicious attacks. It is another major cause of entire campus network security which become as
threatened. University focus on the local computer users, there is lack of student master even if
there level is not enough to manage or control threats.
External Security threats
Computer viruses are consider as external security threat within information security
network system. These are main reason for campus network that are facing external security
threats. Due to consider the particularity of campus network user base, Student often can
download software to use them and share all essential resources with each other. In this way, it
provide as favourable way for spreading the viruses within Information security network system.
At that time, it is important for predicating the rapid development of network where how will
directly spreading the viruses more widely manner. In additional, hackers are increasing a lot of
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
problem where attacking the campus network (Wisniewska and et.al., 2019). Usually, external
hackers can use program to control or operate remotely and direct way to damage the entire
campus network system. In some situation, Tireless hacker are basically tried to implant in the
user’s computer with the help of Trojan virus. It may arise as collusion in both inside or outside
which poses a threat to network security.
Campus network defect and physical security threats
Within ABC university, it has been generated the security threats from outside and inside
of network system. But at certain point, it will be developed as system vulnerabilities. This is
consider as one of common reason to defect of entire campus network (Colicchia Creazza and
Menachof, 2019). Due to the huge operating system code. It may vary degree so that
automatically increases some security vulnerabilities, some of different operating system mode
used. Another threat is that when using a complex system and their own security configuration
which is not completely enough. Thus, it is forming a security risk or threat.
A physical security threats has been developed. Network surrounding environment and
their physical properties in context of equipment, wiring which is not available. It has chance to
be stolen of device, destroyed, damage and destruction of intentional. As a result. It can easily
disclosure of information because of electron equipment’s unexpected to failure, power outages
and other type of natural disaster physical factors. These are directly affecting on the information
security network system. It will also pose a threat to maintain or control the normal operation
within campus network system.
Risk assessment and risk treatment strategy
A risk assessment matrix is defined the level of threat, risk by considering different
categories of probability or likelihood against consequence severity. It is one of the simplest
mechanism to increase its visibility of risks, assisting management with decision-making.
Generally, Risk can depend on the lack of certainty about the result or outcome of making a
particular choice (Kavallieratos and Katsikas, 2020). This type of risk assessment matrix allows
to campus network to develop an appropriate response that falls in line with goal of ABC
11
hackers can use program to control or operate remotely and direct way to damage the entire
campus network system. In some situation, Tireless hacker are basically tried to implant in the
user’s computer with the help of Trojan virus. It may arise as collusion in both inside or outside
which poses a threat to network security.
Campus network defect and physical security threats
Within ABC university, it has been generated the security threats from outside and inside
of network system. But at certain point, it will be developed as system vulnerabilities. This is
consider as one of common reason to defect of entire campus network (Colicchia Creazza and
Menachof, 2019). Due to the huge operating system code. It may vary degree so that
automatically increases some security vulnerabilities, some of different operating system mode
used. Another threat is that when using a complex system and their own security configuration
which is not completely enough. Thus, it is forming a security risk or threat.
A physical security threats has been developed. Network surrounding environment and
their physical properties in context of equipment, wiring which is not available. It has chance to
be stolen of device, destroyed, damage and destruction of intentional. As a result. It can easily
disclosure of information because of electron equipment’s unexpected to failure, power outages
and other type of natural disaster physical factors. These are directly affecting on the information
security network system. It will also pose a threat to maintain or control the normal operation
within campus network system.
Risk assessment and risk treatment strategy
A risk assessment matrix is defined the level of threat, risk by considering different
categories of probability or likelihood against consequence severity. It is one of the simplest
mechanism to increase its visibility of risks, assisting management with decision-making.
Generally, Risk can depend on the lack of certainty about the result or outcome of making a
particular choice (Kavallieratos and Katsikas, 2020). This type of risk assessment matrix allows
to campus network to develop an appropriate response that falls in line with goal of ABC
11
University. Most risk assessment matrix will take in the form of table or grid so that it can easily
dividing level of impacts, likelihood of risk occurring.
In ABC University, enterprise owner is mainly focused on the process of risk assessment
for identifying and evaluating risk for assets. It could be affected by cyberattacks. Basically, it
can be identified both external as well as internal threats, evaluate their potential impact on
things such as data availability, integrity and confidentiality. This will help for estimating the
cost or price of suffering from cyber-attack incident. With campus information, it will support to
control or manage the data protection and match requirement of university campus, tolerance of
risk level.
The risk assessment factors in the relationship between different elements. For example-
Suppose want to assess the risk associated within ABC university campus, hacker can try to
access information or data of university. Usually, they are directly affecting the information
security network system but a robust perimeter defenses that make protect or secure vulnerability
low. The risk will be medium even though the assets become is still critical.
Identifying the information Assets
According to scenario, ABC University can use valuable assets such as infrastructure,
database and application, people at the time of task executions. These are considered as
important assets within university Campus that can store, collect or analyse large amount of
information within different department.
On the other hand, ABC University has been identified the all valuable assets that could
harmed by threats (Longley, 2019). Here are just a few assets applicable within enterprise such
as partner documents, website, server, client contact information, consumer credit card detail and
trade secrets. Each and every department should use these assets to execute the different tasks in
proper manner.
12
dividing level of impacts, likelihood of risk occurring.
In ABC University, enterprise owner is mainly focused on the process of risk assessment
for identifying and evaluating risk for assets. It could be affected by cyberattacks. Basically, it
can be identified both external as well as internal threats, evaluate their potential impact on
things such as data availability, integrity and confidentiality. This will help for estimating the
cost or price of suffering from cyber-attack incident. With campus information, it will support to
control or manage the data protection and match requirement of university campus, tolerance of
risk level.
The risk assessment factors in the relationship between different elements. For example-
Suppose want to assess the risk associated within ABC university campus, hacker can try to
access information or data of university. Usually, they are directly affecting the information
security network system but a robust perimeter defenses that make protect or secure vulnerability
low. The risk will be medium even though the assets become is still critical.
Identifying the information Assets
According to scenario, ABC University can use valuable assets such as infrastructure,
database and application, people at the time of task executions. These are considered as
important assets within university Campus that can store, collect or analyse large amount of
information within different department.
On the other hand, ABC University has been identified the all valuable assets that could
harmed by threats (Longley, 2019). Here are just a few assets applicable within enterprise such
as partner documents, website, server, client contact information, consumer credit card detail and
trade secrets. Each and every department should use these assets to execute the different tasks in
proper manner.
12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 25
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.