Tuesday, May 5, 2020

IT Risk Management for Security and Technology- myassignmenthelp

Question: Discuss IT Risk Management for Security and Technology.

Answer:

Introduction

IT security management is an important subject for organisations, as the security of public data has been given the highest priority in recent times. With the advancement of the internet and technology, many loopholes have been created in the security of computers and information technology systems (Rampini & Viswanathan, 2016). Many threats and risks are also responsible for the breakdown of the security of IT organisations' databases. Organisations are continuously working to make the database and the infrastructure of the information system more secure. This report discusses three topics: the IT security and technology landscape, IT security models and access control, and IT security threat and risk assessment. These topics are discussed in order to understand the security background and the risk issues for information technology organisations and computing systems.

IT Security and Technology Landscape

Security is an important parameter in the information technology industry for keeping the information of the public and of organisations secure. To maintain security, IT companies are creating new technologies and methods, which together are referred to as the IT security and technology landscape. There is a huge difference between the customer's security requirement and the security that IT organisations provide (Chance & Brooks, 2015). To close this gap, IT companies are placing more emphasis on the security and technology landscape. In the IT sector, various groups work on security problems in different fields such as network security, application security and endpoint security. Network security deals with the risk issues of the various network layers and protocols. Application security covers the security of different applications and software. Endpoint security covers the security of hardware such as modems and servers (Cole et al., 2013).

Devices, applications, data and users are considered the assets in the security landscape. To ensure security, different operations are executed: identification, protection, detection, response and recovery. The first step, identification, consists of defining the assets, viruses and malware, measuring the attack surface, and risk profiling. Protection is done by preventing and limiting the impact of security issues and by managing access. The detection process consists of discovering events and anomalies and finding intrusions. Response and recovery are done by using different restoring operations (DeAngelo & Stulz, 2015). The cyber defense matrix is a useful tool for identifying the risk levels of different security issues and analysing them with respect to the assets and operations discussed above. The principles and the priority list of the organisation are also important for detecting and removing security issues.

Figure: Cyber defence matrix (Source: DeAngelo & Stulz, 2015)

Figure: Enterprise security market segments (Source: Cole et al., 2013)

IT Security Models and Access Controls

Access control is the identification, through authentication, of an individual performing a particular process or job, and the granting of power to a person to decide who will have access to the website or computer. Generally, access is created by first making an account for the user, who is then given a username and a password (Glendon, Clarke & McKenna, 2016). For access control, software is designed so that it can grant the user permission to access the website and the computer. How permission is granted to individuals to carry out their duties depends on the access control model.

There are different types of access control models: Mandatory Access Control (MAC), Role Based Access Control, Discretionary Access Control (DAC) and Rule Based Access Control. Mandatory Access Control gives access to the administrator or the owner. This means that the end user has no control over access to the settings (Lam, 2014). MAC also has two models, Biba and Bell-LaPadula. The Biba model works on integrity and the other works on the confidentiality of data. In Role Based Access Control, access is given according to the user's position in the organisation. Discretionary Access Control is the least restrictive model and allows users to access all the programs they use. The state machine model is another type of IT security model; it makes the state of a system accessible to the user with the help of a finite state model.

IT Security Threat and Risk Assessment

IT security threat and risk assessment is an important parameter which organisations give high priority in order to maintain security. A threat can be considered a possible danger to the security of a computing system. Threats are of two types, intentional and accidental (McNeil, Frey & Embrechts, 2015). Computer malfunction and the possibility of a natural disaster are causes of threats. Deliberate threats are created by spying and the illegal processing of data, and accidental threats are created by equipment failure or software failure. Threats can damage different assets in different ways.

Risks can be of various types. There may be a sudden power loss, or damage to the hardware and software connected to a computer system (Pritchard & PMP, 2014). Because of risks, data can be lost and security can be affected. There is a basic difference between risks and threats. Threats can be predefined and calculated, but risks cannot be pre-estimated. Different methods can be followed to overcome threats, but risks cannot be overcome by taking any progressive action. The computer system and the information technology of a system should be well maintained and monitored to overcome risks and threats. Antivirus software and firewalls can be used to keep threats away from the computing system.

Conclusion

From the above discussion it is concluded that IT security management is an important parameter for overcoming the possible threats and risks to a computer system. The IT security and technology landscape gives an idea of the security model of computing systems. There are many access controls which should be implemented in the security models to overcome security issues.

References

Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.

Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R., & Vickery, J. (2013). Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), 104-135.

DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), 219-236.

Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.

Lam, J. (2014). Enterprise risk management: From incentives to controls. John Wiley & Sons.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.

Pritchard, C. L., & PMP, P. R. (2014). Risk management: Concepts and guidance. CRC Press.

Rampini, A. A., & Viswanathan, S. (2016). Household risk management (No. w22293). National Bureau of Economic Research.
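The Bell-LaPadula and Biba models named in the access control section, as an added example that is not part of the original essay: a small reference monitor that decides the same requests under both models and grants access only when both agree. The users, resources and three-step level scale are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass(frozen=True)  # frozen: a label cannot be altered once assigned
class Label:
    conf: Level   # confidentiality level, checked by Bell-LaPadula
    integ: Level  # integrity level, checked by Biba

def blp_allows(subj: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: no read up, no write down (protects confidentiality)."""
    return subj >= obj if op == "read" else subj <= obj

def biba_allows(subj: Level, obj: Level, op: str) -> bool:
    """Biba strict integrity: no read down, no write up (protects integrity)."""
    return subj <= obj if op == "read" else subj >= obj

# Constructed sample labels. Under MAC only the administrator assigns these;
# end users cannot change them.
SUBJECTS = {
    "guest": Label(Level.LOW, Level.LOW),
    "analyst": Label(Level.MEDIUM, Level.MEDIUM),
    "admin": Label(Level.HIGH, Level.HIGH),
}
OBJECTS = {
    "public.html": Label(Level.LOW, Level.LOW),
    "audit.log": Label(Level.MEDIUM, Level.HIGH),
    "payroll.db": Label(Level.HIGH, Level.HIGH),
}

def check(user: str, op: str, resource: str) -> dict:
    """Decide one request under both models; unknown names or ops are denied."""
    denied = {"blp": False, "biba": False, "granted": False}
    s, o = SUBJECTS.get(user), OBJECTS.get(resource)
    if op not in ("read", "write") or s is None or o is None:
        return denied
    blp = blp_allows(s.conf, o.conf, op)
    biba = biba_allows(s.integ, o.integ, op)
    return {"blp": blp, "biba": biba, "granted": blp and biba}

if __name__ == "__main__":
    for req in [("analyst", "read", "audit.log"), ("analyst", "write", "audit.log"),
                ("guest", "write", "payroll.db"), ("admin", "read", "public.html")]:
        print(*req, check(*req))
```

The analyst can read the audit log but not write to it, and the guest's write to the payroll database passes Bell-LaPadula yet is stopped by Biba, which is the practical difference between a confidentiality model and an integrity model.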
