University Data Security Assignment: Risk Assessment and Privileges
Added on 2021/11/05
Homework Assignment
AI Summary
This assignment delves into the critical aspects of web and data security, providing a comprehensive analysis of risk assessment methodologies, privilege levels, and their impact on organizational security. The solution explores the five essential steps of risk assessment, including hazard identification, sector of harm, control measures, record-keeping, and review processes. It further examines the implications of elevated privilege levels, highlighting the potential for malicious activities and data breaches. The assignment also addresses organizational, business process, and information system level security concerns, emphasizing the importance of data security, access authority, and data integrity. Furthermore, it covers incident response strategies and the significance of defining acceptable activities and limitations. The references provided support the concepts discussed, offering a robust understanding of the subject matter.

Running head: WEB AND DATA SECURITY
WEB AND DATA SECURITY
Name of the Student
Name of the University
Author note

Table of Contents
Question 1
Question 2
Question 3
Question 4
References

Question 1
The five steps that can be included in the risk assessment are stated below:
Identification of the hazard: Identifying the hazard is essential for determining
which hazard factors can alter the working of the company.
Sector of harm: This step considers the sector or the person who would be harmed by
the event.
Control measures: This step considers the control measures related to the identified
risk.
Record of the findings and implementation: The findings on the risk factors should be
recorded so that it is clear which risk factors are present in the sector
(Maclean, 2017). The mitigation plan is also brought into focus in this step.
Review of the assessment and update: In this step the risk factor is removed from the
process, and care is taken that the risk factor does not enter the project in a
later phase.
Question 2
An elevated level of privileges directly allows the user to execute various actions
that can be termed malicious. The range of activity that can be performed extends from
data misuse to compromise of the system. The user directly uses their privilege in the
system to obtain sensitive information and other financial information with the motive of
leaking it. Data can also be altered, which directly opens the
door to the possibility of fraud. The danger of a privileged account lies not so much in
the extent of access the account has but in how easy it is to perform malicious activity
and how difficult that activity is to detect. Malicious activity is not the only concern
with privileged accounts; inadvertent actions and mistakes can also be costly to the
working of the company. Sending sensitive information to the wrong person can also cause
remediation and damage costs (Williams, 2015). Security of the credentials can be one of
the big areas of concern relating to the project. In most cases, security of the data is
one of the factors that is crucial to the overall working of the concept.
Question 3
Organizational level: At the organizational level, crucial financial information of the
organization can be leaked, which can hamper the overall working of the organization.
Business process level: Leakage of information can compromise the internal data of the
organization, which can hamper its business processes (Linkov et al., 2014). In most
cases there is various personal work and organizational data that is not secured in
such an event.
Information system level: The main emphasis at this level is disaster recovery and
continuity planning (Maclean, 2017). The risk factor involved here lies in the planning
area of the different projects.
Question 4
Data security: The data should be protected so that sensitive data does not fall into
the hands of an unauthorized person.
Access authority: Access to the data should also be protected so that there is no issue
with intruder activity.
Integrity of the data: Data integrity is essential so that there is no issue with the
quality of the data held in the system. Alteration of the data should also be
restricted. This is an area of concern that can enhance the working of the company.
Response to incident: With regard to the level of privileges, it should be stated which
forms of activity are acceptable (Thomas & Galligher, 2018). There can also be
limitations that should be applied when working with the data.
References
Linkov, I., Anklam, E., Collier, Z. A., DiMase, D., & Renn, O. (2014). Risk-based standards:
integrating top–down and bottom–up approaches. Environment Systems and
Decisions, 34(1), 134-137.
Maclean, D. (2017). The NIST Risk Management Framework: Problems and
recommendations. Cyber Security: A Peer-Reviewed Journal, 1(3), 207-217.
Thomas, J., & Galligher, G. (2018). Improving backup system evaluations in information
security risk assessments to combat ransomware.
Williams, M. G. (2015). A risk assessment on Raspberry Pi using NIST standards. International
Journal of Computer Science and Network Security (IJCSNS), 15(6), 22.





