Report on Risk Management and Mitigation Plan - University

Added on  2022/12/27

AI Summary
This report provides a comprehensive analysis of IT infrastructure risks and vulnerabilities. It begins by identifying key vulnerabilities such as data loss, unauthorized access, inadequate data backup, criminal activities within the organization, and human fault. The report then delves into the risks associated with each vulnerability, including the potential impact on organizational services, reputation, and financial aspects. It highlights the privacy concerns of employees and customers due to potential data breaches. Finally, the report proposes a detailed mitigation plan, including the implementation of VPNs, disaster recovery approaches, strong passwords, and security awareness programs to enhance the overall security posture of the organization and protect against external threats. The report concludes by summarizing the effectiveness of the proposed strategies in mitigating identified risks.
Running head: REPORT ON RISK MANAGEMENT AND MITIGATION PLAN
REPORT ON RISK MANAGEMENT AND MITIGATION PLAN
Name of the Student
Name of the University
Author Note:
Introduction:
The aim of this report is to identify the possible vulnerabilities present in the IT
organization’s activities. After identifying the vulnerabilities, the report elaborates in
detail on the risk present in each of them. It also covers the impact and the mitigation
approaches, in order to establish a safe IT infrastructure within the organization.
Identified Vulnerabilities:
In line with the objectives above, several security vulnerabilities present in the IT
infrastructure have a significant impact on the organizational services. They are listed
below:
Important data loss-
Among all of the possible vulnerabilities present in the IT infrastructure, data loss is
one of the most significant. The investigation observed that organizations faced
problems related to data loss because of several security and management issues.
Unauthorized Access-
Unauthorized access has a significant impact within the organization: because of it,
the assets and resources of the organization become accessible to outsiders, which may
have a significant impact on the organizational services.
Inadequate Data Backup-
Due to inadequate data backup, the important data of the organization gets attacked by
hackers, which creates significant problems for its services.
Criminal Activities within the organization-
Because of the possibility of criminal activities within the organization, the
organizational services are affected: criminal activities such as DoS attacks,
ransomware attacks and data phishing have a significant impact on the services of the
organization (Papp & Buttyan 2015).
Human Fault-
Along with all of the vulnerabilities above, human error has a significant impact on
the organization's security, which in turn significantly affects the services as well as
the reputation of the organization.
Risk Present in the identified vulnerabilities:
Data Loss- is one of the significant security vulnerabilities present in the IT
infrastructure and carries high risk. Data loss within the organization will
significantly harm the company, as the loss of important data can reduce the
effectiveness of the organizational services. It also harms the reputation of the
organization (Joshi & Singh 2017).
Unauthorised Access- is also one of the most significant risk factors. It is caused by
a less capable authentication process, which invites criminal activities within the
organization. With less effective user authentication techniques in place, the
vulnerabilities caused by unauthorized access increase.
Inadequate data backup- if an attack occurs that causes data loss, it will
significantly affect the organizational services if no data backup is kept within the IT
infrastructure.
Criminal activities- within the organization significantly affect organizational assets
through several harmful attacks, which include data phishing, DoS and ransomware
attacks. As a result of these criminal attacks, the organizational data as well as the
services are harmed.
Human fault- is one of the major reasons behind the security issues that occur within
the organization. Because of low awareness in this field, the employees of the
organization most of the time visit unknown websites and links and download
attachments from untrusted email. As a result, the systems of the organization are
affected.
Impact of the identified vulnerabilities:
Following from the risks identified above in the organization's IT infrastructure, the
most significant impacts on the services of the organization are listed below:
One of the most significant impacts of the identified security threats is the privacy
concern for the employee and customer data of the organization. The investigation
identified that external criminal attacks bring a huge possibility of data loss; as a
result, personal information of the customers as well as the employees will be leaked,
which will affect their safety (Fennelly 2016).
Criminal attacks also get the organization into major trouble, as they cause
reputational damage.
Security issues and vulnerabilities also have a huge impact on the financial aspect of
the organization, as the data of financial transactions may be stolen, through which
the hacker can get access to the victim’s bank account (Bertino & Islam 2017).
This also affects the services of the organization, which affects the profits as well.
Mitigation plan:
Considering the risks discussed above and the impact of those risks, there is a strong
need to mitigate these threats, as this will help the organization to enhance its
security services. The mitigation approaches for the identified risks are listed below:
Implementation of a VPN will provide effective protection against unauthorised
access in the organization.
Implementing an effective disaster recovery approach will also support the
organization in case of any data loss.
Incorporating effective security approaches, such as the use of strong passwords and
an effective data transmission process, will protect the organizational information
(Aras et al., 2017).
The organization also needs to set up a security awareness programme to make its
employees aware of security aspects, which will help to keep the organization
protected from external attacks (Ali & Awad 2018).
Conclusion:
It can be concluded that this paper has identified the security vulnerabilities present
in the IT infrastructure and has described the possible risks as well as the impact of
the identified vulnerabilities. Lastly, it has provided the most effective mitigation
approaches, which will help to mitigate the identified risks in order to enhance the
security of the organization.
Reference:
Ali, B., & Awad, A. (2018). Cyber and physical security vulnerability assessment for IoT-
based smart homes. Sensors, 18(3), 817.
Aras, E., Ramachandran, G. S., Lawrence, P., & Hughes, D. (2017, June). Exploring the
security vulnerabilities of LoRa. In 2017 3rd IEEE International Conference on
Cybernetics (CYBCONF) (pp. 1-6). IEEE.
Bertino, E., & Islam, N. (2017). Botnets and internet of things security. Computer, (2), 76-79.
Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Joshi, C., & Singh, U. K. (2017). Information security risks management framework–A step
towards mitigating security risks in university network. Journal of Information
Security and Applications, 35, 128-137.
Papp, D., Ma, Z., & Buttyan, L. (2015, July). Embedded systems security: Threats,
vulnerabilities, and attack taxonomy. In 2015 13th Annual Conference on Privacy,
Security and Trust (PST) (pp. 145-152). IEEE.