Saturday, December 7, 2019

Threat Analysis Versus Risk Analysis Assessment - MyAssignmenthelp

Question:

Discuss the Threat Analysis Versus Risk Analysis Assessment.

Answer:

Introduction

Technology has always been accompanied by change. Some of these changes are small and affect only a specific sector, while others are major and affect everyone (Erl, Puttini & Mahmood, 2013). The changing technology landscape raises several questions, which are examined below.

The IT landscape has changed in various ways, such as facilitating business monetization. Mobile technology has enabled businesses to monetize more than ever. The technology landscape has also facilitated interaction through business apps (Erl, Puttini & Mahmood, 2013). In contrast to the time before the internet, customers and businesses now interact through channels such as social media sites. The rise of the cloud has also been significant for many businesses, to the extent that the average user can retrieve data from anywhere with internet access (Safa, 2017). The technology landscape has also changed in how it supports business security.

The new threats in the IT landscape

Some of the threats associated with the information technology landscape concern confidentiality, integrity and availability. Confidentiality is equivalent to privacy. The measures taken to ensure confidentiality are designed to prevent sensitive data from reaching the wrong individuals (Page, 2017). Integrity entails maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle. Data should not be changed in transit, and steps need to be taken to ensure that it cannot be altered by unauthorized individuals.
Availability, on the other hand, is ensured by carrying out hardware repairs immediately when they are needed and by maintaining a correctly functioning operating system environment (Page, 2017). To develop security that ensures only authorized parties can access data when they need it, the CNSS security model should be used. This model provides for the establishment and evaluation of information security in the development of a secure system (Safa, 2017). It is important to develop security goals and to know how these goals relate to the various states.

The technology landscape is the set of hardware and software that serves as the fabric supporting all of a company's business operations. This technology faces various risks to confidentiality, integrity and availability. These risks can be mitigated through cryptography, which ensures data integrity and includes hashing the data received. For availability, backups are key: regular off-site backups can limit the harm from damage caused to hard drives.

Access control is the selective restriction of access to a place or other resource. Accessing may mean consuming, entering or using. Permission to access a resource is called authorization (Van Tilborg & Jajodia, 2014). Various access control mechanisms are in place to control authorization in a system (Hashizume, Rosado, Fernández-Medina & Fernandez, 2013). One is discretionary access control, a model based on user discretion: the owner of a resource is responsible for granting access rights on it to other users, at the owner's discretion.
Another is mandatory access control, where the owner does not enjoy the privilege of deciding who can access the files (Hashizume, Rosado, Fernández-Medina & Fernandez, 2013). Role-based access control is another model, in which access to a resource is governed by the role that the subject holds within the business. Note that in role-based access control, users have no control over the role they are assigned.

A security model is a scheme for enforcing security policies. Information technology security models are used to authenticate security policies, as they are intended to provide the set of rules that a system can follow to implement the concepts, processes and procedures in the security policy (Van Tilborg & Jajodia, 2014). There are various security models. One is the state machine model, which monitors the status of the system to keep it from slipping into an insecure state (Van Tilborg & Jajodia, 2014). This model serves as the basis for other security models, such as the information flow model. Another model is Clark-Wilson, which has an access control triple comprising the transformation procedure and the constrained data item (Yang & Jia, 2014). Authorized users are not able to change the data in an inappropriate way. This model controls the way in which subjects access objects, so that the system can be manipulated only in ways that protect its internal consistency. An IT security model, then, is a scheme that specifies how security policies are enforced (Yang & Jia, 2014).
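The discretionary, mandatory and role-based access control models described above, as an added example that is not part of the original essay: the same requests are decided under each model to show who controls the outcome. The users, roles, labels and the payroll.csv file are constructed for illustration, and the mandatory rule is simplified to a single clearance-versus-label comparison.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # constructed labels

@dataclass
class Resource:
    name: str
    owner: str
    label: str                                # MAC label, set by policy
    acl: dict = field(default_factory=dict)   # DAC list: user -> rights

def dac_grant(res, granter, user, right):
    """DAC: only the owner hands out rights, at the owner's discretion."""
    if granter != res.owner:
        raise PermissionError(f"{granter} does not own {res.name}")
    res.acl.setdefault(user, set()).add(right)

def dac_check(res, user, right):
    return user == res.owner or right in res.acl.get(user, set())

def mac_check(res, clearances, user):
    """MAC: the system compares clearance with label; the owner has no say.
    Simplified assumption: one rule for every right."""
    return LEVELS[clearances.get(user, "public")] >= LEVELS[res.label]

def rbac_check(res, user_roles, role_perms, user, right):
    """RBAC: rights come only from roles an administrator assigned."""
    return any((res.name, right) in role_perms.get(role, set())
               for role in user_roles.get(user, set()))

def evaluate(res, user, right, clearances, user_roles, role_perms):
    """Decide the same request under each of the three models."""
    return {"DAC": dac_check(res, user, right),
            "MAC": mac_check(res, clearances, user),
            "RBAC": rbac_check(res, user_roles, role_perms, user, right)}

def demo():
    payroll = Resource("payroll.csv", owner="alice", label="confidential")
    clearances = {"alice": "secret", "bob": "confidential", "carol": "public"}
    user_roles = {"alice": {"payroll_admin"}, "bob": {"payroll_clerk"}}
    role_perms = {"payroll_admin": {("payroll.csv", "read"), ("payroll.csv", "write")},
                  "payroll_clerk": {("payroll.csv", "read")}}
    dac_grant(payroll, "alice", "carol", "read")   # owner's discretionary grant
    ctx = (clearances, user_roles, role_perms)
    requests = [("carol", "read"), ("bob", "read"), ("bob", "write")]
    return {(who, right): evaluate(payroll, who, right, *ctx) for who, right in requests}

if __name__ == "__main__":
    for request, decision in demo().items():
        print(request, decision)
```

The owner's grant to carol succeeds only under the discretionary model; the mandatory and role-based checks ignore it because neither consults the owner.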
The security model is a formal model of access rights, computation and distribution, and it prevents risks to confidentiality, integrity and availability from occurring in the system. The IT security model outlines the way in which data can be accessed, the levels required, and the actions that can be taken to protect the system. As for access control mechanisms in information technology, the focus is on authorization, authentication and the approval of access.

In information technology, many security concerns affect systems, particularly data breaches that cause harm (Fennelly, 2016). These threats may come from an attack by a hacker who identifies vulnerabilities, or from a rogue employee who intentionally steals information to sell (Adeka, Shepherd & Abd-Alhameed, 2014). Risk assessment is the systematic approach used to identify all security risks and determine the most cost-effective means of controlling these threats.

In the day-to-day running of a business, security threats occur constantly. One of these is malware, a form of harmful software such as viruses and ransomware (Fennelly, 2016). Once it gets into a computer, it can wreak all sorts of havoc. Others are phishing and SQL injection attacks; the latter work by exploiting any of the known SQL vulnerabilities that allow the SQL server to run malicious code. One way to mitigate security risk is to have comprehensive policies. Compliance requirements dictate that the organization develop a comprehensive policy that addresses the human side of data (Fenz, Heurix, Neubauer & Pechstein, 2014). Other ways are to implement technical safeguards and to avoid complacency.
Conclusion

Risk assessment is vital to the management of security threats, since it provides an analysis and interpretation of the threats present in the business. It enables the organization to know the kinds of threats it faces and to implement a plan for mitigating them.

References

Erl, T., Puttini, R., & Mahmood, Z. (2013). Cloud computing: concepts, technology & architecture. Pearson Education.

Page, E. H. (2017). Modeling and Simulation (M&S) Technology Landscape. In Guide to Simulation-Based Disciplines (pp. 25-35). Springer, Cham.

Safa, N. S. (2017). The information security landscape in the supply chain. Computer Fraud & Security, 2017(6), 16-20.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.

Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia of cryptography and security. Springer Science & Business Media.

Yang, K., & Jia, X. (2014). DAC-MACS: Effective data access control for multi-authority cloud storage systems. In Security for Cloud Storage Systems (pp. 59-83). Springer New York.

Adeka, M. I., Shepherd, S. J., & Abd-Alhameed, R. A. (2014). Threat analysis versus risk analysis in intelligence and security assessment.

Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.

Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.
