Security is among the most pressing concerns for present-day organizations. It concerns the protection of the organization's assets, chiefly its data, the personal information of its users, its networks and its equipment, from attackers. These assets are protected by preventive techniques, such as testing and security policies, and by detection techniques that allow an effective response to be generated.
This report discusses threat detection, the identification of physical and IT security vulnerabilities, and the methods by which security risk is managed. The main topics are network security design, covering firewalls, DMZs, address translation, antivirus (AV) and VPNs.
The report also covers the remote access concept and the testing of its vulnerabilities. It is intended to develop security skills such as communication literacy, analysis, critical thinking, interpretation and reasoning, through which academic competence develops. The unit covers IT security risks and appropriate solutions, and describes the management of organizational security and the mechanisms used to control security risk.
An organization faces many threats through which it could be harmed. Some of those threats are discussed below:
An organization's security procedure has some important steps that must be followed: access control, administrative procedures, configuration, auditing, incident response, physical procedures and environmental procedures. For better understanding, some examples are given below:
To assess and treat IT security risk, the risks must first be identified: has this sort of incident occurred before, what did the security team or the media report about those incidents, and are there any related health, safety or environmental incidents? Once the type of risk is identified, the risks are prioritized according to the business objectives and strategy; the issues the company faces; the legal and regulatory position; the company's risk appetite; and, lastly, the needs of the people connected to the organization, such as third parties, customers, stakeholders and staff.
Many users change the pre-shared key, which changes the VPN configuration (many do this on purpose), and this becomes the cause of a security breach. There needs to be an exact value that not everyone knows, so that a single person cannot change the VPN and make everyone lose the connection. The whole IT infrastructure can be compromised in this way, and also because of the firewall. A firewall enforces the most basic security policies of an organization, and it does this job so well that many different firewall implementations have been created. A pre-assessment of such activity would show its actual impact: the report would show financial losses as well as attacks on data. Firewall policy is therefore discussed before the infrastructure is implemented, which makes it a very important factor for an organization; it is shared across the given scenario and its strategic variables. Various failures occur because of a poorly configured firewall; two of them are:
A DMZ (demilitarized zone) is a secured network perimeter that large organizations create by placing a firewall between their systems and the outside; a small organization can set one up simply with a server and its clients. Placed in the DMZ are a web server holding public information, an e-commerce transaction server so that payments can be made, a mail server that relays external mail to the internal mailboxes, VPN endpoints, application gateways, and staging and test servers (Taylor, 2001).
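The two paragraphs above describe a poorly configured firewall and the zones a DMZ design separates. The following is an added example written for this page, not code from the report or from any firewall vendor: it models an internet / DMZ / internal zone policy as a list of rules and flags the misconfigurations that let the perimeter be bypassed, then shows a weak policy beside a hardened one. The rule format, zone names, port numbers and both sample policies are assumptions constructed for the illustration.

```python
"""Zone-based firewall/DMZ policy check (added example, not from the report).

Models the three zones a DMZ design needs (internet, dmz, internal) and checks
a rule list for the mistakes the section warns about: the internal network
reachable straight from the internet, the DMZ reachable on every port, a
DMZ host able to pivot anywhere inside, and no explicit default deny.
Rule format, zone names and sample policies are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str      # source zone: "internet", "dmz", "internal" or "any"
    dst: str      # destination zone
    port: str     # destination port as a string, or "any"
    action: str   # "allow" or "deny"


def find_issues(rules: List[Rule]) -> List[str]:
    """Return human-readable findings; an empty list means the policy passed."""
    issues: List[str] = []
    if not rules or rules[-1] != Rule(ANY, ANY, ANY, "deny"):
        issues.append("no explicit default-deny rule at the end of the policy")
    for i, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        if r.src == ANY and r.dst == ANY and r.port == ANY:
            issues.append(f"rule {i}: allow any/any/any makes the firewall transparent")
        if r.src == "internet" and r.dst == "internal":
            issues.append(f"rule {i}: internet may reach the internal network directly")
        if r.src == "internet" and r.dst == "dmz" and r.port == ANY:
            issues.append(f"rule {i}: internet reaches the DMZ on every port; list the services instead")
        if r.src == "dmz" and r.dst == "internal" and r.port == ANY:
            issues.append(f"rule {i}: a compromised DMZ host could pivot to any internal service")
    return issues


# Constructed sample policies for illustration (not from any real deployment).
WEAK_POLICY = [
    Rule("internet", "dmz", ANY, "allow"),          # "just make the web server work"
    Rule("dmz", "internal", ANY, "allow"),          # app servers talk to the database
    Rule("internet", "internal", "3389", "allow"),  # remote desktop for an admin
]

HARDENED_POLICY = [
    Rule("internet", "dmz", "443", "allow"),        # public web / e-commerce front end
    Rule("internet", "dmz", "25", "allow"),         # mail relay in the DMZ
    Rule("internet", "dmz", "500", "allow"),        # VPN endpoint (IKE; port assumed)
    Rule("dmz", "internal", "5432", "allow"),       # DMZ app tier -> internal database only
    Rule("internal", "dmz", ANY, "allow"),          # staff manage DMZ hosts
    Rule("internal", "internet", "443", "allow"),   # outbound browsing
    Rule(ANY, ANY, ANY, "deny"),                    # explicit default deny
]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_issues(policy) or ["no issues"])
```

Running the block prints four findings for the weak policy and none for the hardened one. The check is deliberately a whitelist of known-bad shapes rather than a proof of correctness: a policy that passes it can still be wrong, which is why the section's point that firewall policy is decided before the infrastructure is built matters more than any after-the-fact scan.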
IP addresses are stored internally as numbers. Humans prefer names while computers prefer numbers, so, to let a human search for something by name, the domain name system (DNS) was introduced: it converts the name entered by the user into a number the computer can understand, the computer answers back in numbers, and DNS converts those numbers back into names.
Given below are some benefits of NAT:
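The address translation the section refers to is easiest to see as a translation table. The following is an added example written for this page, not code from the report: a minimal source NAT that rewrites outbound packets to one public address, keeps the mapping so that replies can be routed back to the right inside host, and drops inbound packets that match no existing mapping. This is the mechanism behind the NAT benefits usually listed (private address ranges are hidden, one public address is shared, and unsolicited inbound traffic has nowhere to go). The addresses, ports and the packet tuple are constructed for the illustration.

```python
"""Source NAT translation table (added example, not from the report).

Many inside hosts on a private range share one public address. Outbound
packets have their source rewritten and the mapping recorded; only return
traffic that matches a recorded mapping, from the peer that was contacted,
is translated back in. Addresses and ports below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SourceNAT:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port) -> public port assigned to that flow
        self.outbound: Dict[Tuple[str, int], int] = {}
        # public port -> (inside ip, inside port, remote ip, remote port)
        self.inbound: Dict[int, Tuple[str, int, str, int]] = {}

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet to the public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.next_port += 1
        pub_port = self.outbound[key]
        self.inbound[pub_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Return the de-translated packet, or None if it is unsolicited."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        in_ip, in_port, remote_ip, remote_port = entry
        # Only the peer the inside host talked to may answer on this mapping.
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)


def demo() -> dict:
    """Two inside hosts using the same source port, one reply, two probes."""
    nat = SourceNAT("203.0.113.10")
    out1 = nat.translate_out(Packet("10.0.0.5", 51000, "198.51.100.7", 443))
    out2 = nat.translate_out(Packet("10.0.0.6", 51000, "198.51.100.7", 443))
    # Legitimate reply to the first flow.
    reply = nat.translate_in(Packet("198.51.100.7", 443, "203.0.113.10", out1.src_port))
    # Attacker guesses a live public port but is not the contacted peer.
    probe = nat.translate_in(Packet("192.0.2.99", 4444, "203.0.113.10", out1.src_port))
    # Inbound packet to a port with no mapping at all.
    unsolicited = nat.translate_in(Packet("192.0.2.99", 4444, "203.0.113.10", 40555))
    return {"out1": out1, "out2": out2, "reply": reply,
            "probe": probe, "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Note that both inside hosts chose source port 51000; it is the rewritten public port, not the address, that keeps the two flows apart. The same table is why NAT is often described as a security benefit, and why it is not a substitute for a firewall: it drops what it cannot map, but anything the inside host initiates is let straight back in.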
Three benefits of implementing network systems are:
For a better understanding of the risk management process, the following steps should be followed:
Figure 1: Steps for risk assessment
The process of protecting crucial data from threats, compromise and corruption is known as data protection. As more data is created and stored, its security becomes more important, because once the volume grows the normal protection system is no longer enough. Data protection strategies exist that can restore data and information that was compromised; data protection carries the promise that if data is attacked under any condition, all of it will be brought back. The term therefore covers both protecting data and restoring data that has been hacked. The whole data protection strategy revolves around two terms, data management and data availability. Data management means storing an organization's data safely, backing it up both online and offline, and creating the necessary strategies for doing so. Data availability means that if an organization loses even a small amount of data, it is the data protection team's responsibility to get it back at any cost. Many new storage technologies let the user back up essential files in the first place, so that the risk from being hacked is reduced. Mirroring allows the user to keep an exact copy of the files on a second site. Whenever there is a change in the organization, backups help restore all the data easily and safely. Another data protection technique, and the most widely used, is transferring data through cloud services, because they offer encryption, which is the strongest safeguard available online (Rouse, 2017).
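The paragraph above promises that a backup "brings the data back", which only holds if the restored copy can be shown to be the one that was taken. The following is an added example written for this page, not code from the report or from any backup product: it builds a manifest of SHA-256 digests over a backed-up directory, protects the manifest with an HMAC so that an attacker who can alter the backup cannot also rewrite the manifest to match, and verifies a restore against it, reporting missing, modified and unexpected files. The directory layout, file contents and key are constructed for the illustration.

```python
"""Backup manifest with integrity check (added example, not from the report).

build_manifest() records a SHA-256 digest per file and an HMAC over the
listing; verify_restore() checks the HMAC first (a rewritten manifest is
caught before any file is trusted) and then every file against its digest.
Directory layout, file contents and the key below are constructed.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    files: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            files[p.relative_to(root).as_posix()] = file_digest(p)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_restore(root: Path, manifest: dict, key: bytes) -> List[str]:
    """Return a list of problems; an empty list means the restore matches."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest MAC mismatch: manifest itself was altered"]
    problems: List[str] = []
    for rel, digest in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif file_digest(p) != digest:
            problems.append(f"modified: {rel}")
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel in sorted(present - set(manifest["files"])):
        problems.append(f"unexpected: {rel}")
    return problems


def demo() -> dict:
    """Clean restore, damaged restore, and a forged manifest (constructed data)."""
    key = b"manifest-key-held-by-the-backup-owner-not-stored-with-the-backup"
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_bytes(b"id,name\n1,Alice\n")
        (src / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        manifest = build_manifest(src, key)

        clean = verify_restore(src, manifest, key)

        # Restore where one file was tampered with, one dropped, one planted.
        (src / "db" / "customers.csv").write_bytes(b"id,name\n1,Mallory\n")
        (src / "config.ini").unlink()
        (src / "backdoor.sh").write_bytes(b"#!/bin/sh\n")
        damaged = verify_restore(src, manifest, key)

        # Attacker rewrites the digest to match the tampered file; the MAC catches it.
        forged = {"files": dict(manifest["files"]), "mac": manifest["mac"]}
        forged["files"]["db/customers.csv"] = file_digest(src / "db" / "customers.csv")
        forged_result = verify_restore(src, forged, key)
    return {"clean": clean, "damaged": damaged, "forged": forged_result}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or ["ok"])
```

The HMAC key must be kept apart from the backup media it protects; if it travels with the backup, whoever can alter the files can re-sign the manifest as well. For a mirrored copy the same manifest can be checked against both sites, which turns "the mirror is an exact copy" from an assumption into a test.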
Figure 2: Steps for data protection
ISO 31000
ISO 31000 is a security analysis methodology, or more precisely a risk management process, used to solve several risk-related problems within a company. It helps standardize the steps by which risk management is evaluated and lays out a formal workflow (Lashin, 2016).
Application of the ISO 31000:
Impacts of organizational security resulting from an IT security audit:
An audit helps identify problem areas and the points where vulnerabilities are most exploitable. It also helps evaluate security policies and standards, generates recommendations for leveraging information technology within the business's security concept, and delivers analysis based on the external and internal IT practices of the various systems (Patterson, 2017).
Security policy is of two types. The first tackles threats from outside so that the network can work effectively without disturbance; the second tackles threats from inside by setting out the proper use of network resources. Countering outside threats is technology-oriented: antivirus software, firewalls, email filters, malicious-activity detectors and many others help reduce threats from an external network. All of these technologies can only be implemented by the staff of the IT department, not by users.

After all this, the main issue is that use of the network from inside the organization can create management problems. A policy that regulates employee activity, the Acceptable Use Policy (AUP), covers this. It protects the organization when activity is inappropriate according to the policy: the source of the activity can be penalized, and if there is a breach the organization has evidence to show that it did not come from the inside.

Finally, an organization must identify its risks; it should learn from other organizations that have been through the same situation; the policy it implements must conform to legal requirements; it must understand that the level of security should match the level of risk; the heads of the organization should not write the policy alone but include some staff members, or all of them if possible; every employee must be trained on the policy and its use; and, above all, when the policy is implemented everyone must be told about the penalties and other actions that will be taken (Duigan, 2003).
Figure 3: Security policy
A few elements are important for understanding an organization's business recovery plan. They are given below:
Figure 4: Disaster recovery plan
Stakeholders play a key role in internal audit. They have specific knowledge relevant to a network audit, but they also face gaps in knowledge, which can be addressed by co-sourcing; this helps reach the prevalent audit model. Another model, the guest auditor program, works on a similar concept. Stakeholders develop an induction program for new auditors and organize security management meetings in which new information is provided to other staff. They also design a plan for resolving audit issues that relate to different services.
This report helps in understanding the main concepts of security within an IT organization. Its aim is to evaluate security information associated with security breaches and with the influence of risk over business continuity. This involves access authorization, regulation of use, implementation of contingency plans, and discussion of the policies and procedures that relate to security. The report is divided into four parts: the first discusses IT security risks, the second IT security solutions, the third IT security control mechanisms, and the last the management of security within an organization.
Hayslip, G., 2018. 9 policies and procedures you need to know about if you're starting a new security program. [online] CSO Online. Available at: https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html [Accessed 16 May 2020].
Lucidchart, 2018. A Complete Guide to the Risk Assessment Process. [online] Lucidchart Blog. Available at: https://www.lucidchart.com/blog/risk-assessment-process [Accessed 16 May 2020].
Rouse, M., 2017. data protection. [online] SearchDataBackup. Available at: https://searchdatabackup.techtarget.com/definition/data-protection [Accessed 16 May 2020].
Duigan, A., 2003. 10 steps to a successful security policy. [online] Computerworld. Available at: https://www.computerworld.com/article/2572970/10-steps-to-a-successful-security-policy.html [Accessed 16 May 2020].
Touhid, 2019. Common Types of Security Threats to Organizations. [online] Cyber Security Portal. Available at: https://cyberthreatportal.com/types-of-security-threats-to-organizations/ [Accessed 16 May 2020].
Cambridge, 2016. Information Security Risk Assessment and Treatment. [online] Available at: https://www.cambridge-risk.com/information-security-risk-assessment-and-treatment/ [Accessed 16 May 2020].
CCSI, 2017. 10 Common IT Security Risks in the Workplace. [online] Available at: https://www.ccsinet.com/blog/common-security-risks-workplace/ [Accessed 16 May 2020].
Entech, 2018. 7 Key Elements of a Business Disaster Recovery Plan. [online] Entech. Available at: https://entechus.com/7-key-elements-of-a-business-disaster-recovery-plan/ [Accessed 16 May 2020].
Payne, C., 2018. 10 Reasons why Network Monitoring Software is a Must Have. [online] Advancedcyber.co.uk. Available at: https://www.advancedcyber.co.uk/it-security-blog/network-monitoring-software-is-a-must-have [Accessed 16 May 2020].
Doug, 2018. Risk Management Process: Security Analysis Methodology. [online] RiskWatch. Available at: https://riskwatch.com/2018/03/19/risk-management-process/ [Accessed 16 May 2020].
Lashin, D.M., 2016. Application of ISO 31000 principles. [online] Linkedin.com. Available at: https://www.linkedin.com/pulse/application-iso-31000-principles-dr-mohamed-lashin [Accessed 16 May 2020].
Berkman, O., 2016. Stakeholders Play Important Role in Internal Audit Impact. [online] Financialexecutives.org. Available at: https://daily.financialexecutives.org/stakeholders-play-important-role-internal-audit-impact/ [Accessed 16 May 2020].
Patterson, J., 2017. transcosmos. [online] transcosmos. Available at: http://transcosmos.co.uk/blog/it-security-audit-business-process/ [Accessed 16 May 2020].
dbyler, 2018. The Importance of Regular IT Security... [online] Spectrum IT Solutions, LLC. Available at: https://www.itbyspectrum.com/the-importance-of-regular-it-security-audits/ [Accessed 16 May 2020].