+91-9519066910
  • My Account
  • solution

    Management

    Secrity Fundamentals Help

    Rating:
    Secrity Fundamentals Help


      Security fundamentals

    Introduction

    The report consists of security issues related to the internet in the organization.Thereport will provide a brief discussionon the security legislation, procedures of IT security, solutions on technology-related matters, software, and tools which are used to develop IT security procedures in the company. It will also include threats related to the ICT systems and security vulnerabilities which include key loggers, virus’s Trojans, intentional damage, data mining algorithms, natural damage, etc. The report will identify the types of risks of securities associated with the organization and security procedures. It will also provide solutions for IT related issues. It will include the impact of incorrect configuration on IT security of third-party VPNs and firewall policies. The report will also include methods of improving network security by implementing static IP, DMZ, and NAT in the networks.

    P1 Identify types of security risks to organization

    Every organization faces some or the other risks which may harm the business of the organization. The organization faces several IT related problems while surfing the internet. The organization shall abide with the legislation and legal principles which the government has imposed on the use of the internet. The internet law refers to cyber law and the Internet Service Providers are the governing bodywhich governs the laws. The IT solutions or the technological solutions are a service, or product, or a combination of both given to the client by the service providers who have extensive knowledge in the field of IT related matters. The company faces several types of issues or security risks which may affect the operations, revenues, and profitability of the business.It is essential for the organizations to implement IT security in the businesses as it helps in preventing various complications like vulnerabilities, threats, and risks that can hamper the confidential information of the business organization (Abomhara, 2015). Threats are those which affects the companies in relation to its network and IT systems. It can be comprised mainly as deliberate threats and accidentals. For example, natural disasters, hi-tech crime, systems malfunctions, hacking, human error, cyber terrorism, etc. Vulnerabilities are fragility which can be unsafe by threats. The vulnerability happens when there is no firewall between the internet and the server of the websites. A firewall prevents the computers from unauthorized access and helps in providing security from theattacks.The outcome of having the vulnerabilities and it is being utilized by the threats forms a risk.Risks occur whena person with an intention to harm the company gain access to the confidential and private information and data of the company. Risks can cause damage to the company and affect the growth of the organization. Unauthorized access of personal information can result in insider trading which may result in the diminishing of the profits of the company. The person having unauthorized access to the private information of the company can sell that information for his/ her personal benefits to the competitors of the company. Several types of security risks that associated with the company may include:

    1)    Hack ing: It is a process in which a person having malafide or malicious intention hacks the confidential information of the company for some kind of benefit including financial benefits.

    2)      Spyware:As the name predicts, it is the software which is installed in the computers of the organizationswithout the permission of the user with the intention of the criminal intention or to collect information for using it against the users.

    3)      Viruses:These are the most dangerous and require protocols to prevent them. It is software which can damage the computers of the organization for the purpose of stealing, corrupting, or detecting the personal data.

    4)      Adware:It refers to various unwanted advertisements which appear on the screen of the computers to gain access or retrieving of the information without the knowledge or information to the users (Horan, 2017).

    P2 Describe organizartion Security procedures

    Organizational security procedures are the procedures which are used for ensuring the consistency in the execution and implementation of the security process and security control methods. These are the procedures which are used to verify that record, an electronic signature, or performance is detecting errors or changes in the data or information in the electronic record. It helps in providing the security system to the organization from the various risks, threats, etc.

    The organizational security procedure is established to minimize the administrative, physical, or technical safeguards which can be used by the companies to prevent themselves from the data or information to get unauthorized access, corruption, disclosure, or destruction.The organizational security procedures are the set of policies which are imposed by the organizations in its business activities to prevent the sensitive information or data of the organizations. Organizational security procedures include:

    Ø  The users who were being authorized by the organization to have access to the information can gain access to the systems.

    Ø  The users who have access will be held responsible and accountable for the actions occurred in the systems.

    Ø  The systems should be limited to viewing access, access in relation to making changes or modifications, access of destruction of the data or information in the protected resources to the users who were being authorized and have need to know the specific information (Fay, et. al., 2018).

    The organization shall limit the access of the systems or information on the basis of:

    ·         Users' formal clearance to have access to specific information.

    ·         Information’s sensitivity which is available in the objects.

    Organizational security procedures are the basis of security functioning. The security procedures focus on an important principle of guiding behavior. Security procedures of the organizations help in providing information or details relating to the individual who is not aware that the technology or processes can help in reaching the desired results of the procedures. The organizations shall review the procedures on a regular basis and make updates in the procedures accordingly within the time. The security procedures are important for the execution of security management in relation to IT. These procedures help in setting up rules for the predicted behavior of the users. The Board of Directors and management of the company is held responsible for the effective procedures to be implemented in the organization and for continuous reviewing. The effective IT-related security procedures help in preventing the company from any kind of transferring of relevant, private, or confidential information from the users to any unauthorized person. It prevents the organizations from insider trading and helps in securing the important information of the company from the people having malicious intentions.The procedures help in protecting important information from unauthorized use, access, modification, destruction, inspection, disclosure, recording, etc.The organizational security proceduresinclude classification of information security, accessing of the control, cryptography, encryption and decryption, information security policy, remote access policy, etc (Hayslip, 2018).

    M1 Propose a method to assess and treat It security risks

    It is essential on the part of the organization to assess the risks of any nature to prevent the operations of the organization. Risk assessment is the time consuming and expensive procedure.The risk can be assessed by establishing the framework of risk management which focuses on identification of the risk; once the risk is identified it will be analyzed to determine the threats and vulnerabilities (Donnelly, 2018). The risk is then evaluated and the appropriate method is chosen to eliminate the risks.Trojans are some kind of viruses which occurs in the computer and provides access to the computer system and information stored in itto the users. The risk matrix is one of the methods which can help in determining the risks and actions to be taken to prevent, minimize or eliminate such risks. Risk matrix helps in determining the impact of the specific risk on the operations and activities of the company. It helps the management to determine the priorities of the activitiesso that the risks can be treated effectively.The risk matrix is used to identify the types of risks associated and developing of the response in order to manage the risks. The risks can be rated on the basis of the following:

    ·         Very High

    ·         High

    ·         Moderate

    ·         Low

    ·         Very Low

    The risk rating is used to take corrective measures by prioritizing the risk which is rated as very high. It helps in eliminating the major risk and preventing the operations of the business.

    P3 identify the potential impact on It security of incirrect configuration of firwaell policies and third  -party VPNs

    firewall policies are the applications designed to control the flowing of the traffic of Internet Protocol from or to an electronic device or a network.It helps in providing security to the organization in managing its resources. It allows in blocking or allowing various network traffic types which are not specified.Firewall is the hardware or software which is designed to determine the network trafficking by utilizing various policy statements in order to block the unsanctioned access and permitting accredited communications to or from an electronic device or a network. Firewall configurationsare the system settings which affects the activities of the firewall appliance (Kinder, et. al., 2018).

    It is integral to manage the firewall configuration because of the increased number of threats. Firewall configuration is a vital part of network security. There are various common types which are:

    1)      Logging out from other devices: The employees in the organizations do not log out from the devices and become a problem in network security. The employee will not get alerts of the attacks and he/ she will have to pay a higher cost of the same. Hence, the company installs firewall security to identify and block unauthorized users.

    2)      Wide Policy Configuration:Firewall assist in setting up policies and procedures which allows the flowing of network trafficking from one source to another. The organization permits users to have access to various applications in order to identify the changing trends and the required amount of connectivity.

    These help the organizations in improving the security systems and elimination of the risks occurred because of firewall mistakes.

    VPN commonly known as Virtual Private Network is a kind of a pathway from where the data or information is securely exchanged. It helps the organizations to protect their IP address, hiding physical location, avoidance of censorship blocks, etc. Most of the organizations use VPNs to improve the security of the networks (Ikram, et. al., 2016). There are mainly two types of VPNs, which are:

    1)      Site to site: This type of virtual private network uses the network of the entire world. It helps in connecting the network to the entire organization. Using such type of VPN, the employees of the organization can share their data or information with a high level of security and in an encrypted form.

    2)      Remotely Access: It is a type in which the organization gives private access to the networkto the clients. The access is provided through VPN gateway which helps in identifying and authenticating the identity of the user.

    Hence the VPNs and firewall policies affect the IT security of the organization. The firewall policies protect the third parties to have unaccredited access to the data or information of the company and use it for its personal benefit. It helps in blocking the pathway of users with malicious intentions (Alaba, et. al., 2017).

    P4 Show, usign an exmale for each, how implementing a DMZ, satic IP and NAT in a network can oimprove Network Seurity 

    Nework security is an important concern for every IT company and the organisation like CC College. For the security of the network, there are various majors taken by the companies and organizations, some of them are:

    DMZ: DMZ stands for the Demilitarised zone. The function of the Demilitarised zone is to provide a separate zone for the local area network without giving access to any external network or breach from the outside. By the use of DMZ, the companies are creating a barrier for the hackers who want access to the data of the organisation.  DMZ can be designed in many ways but normally firewalls are created to make DMZ. The use of DMZ is beneficial because it allows the use of public internet in a much-secured manner. For example, if the organisation wants to use the internet securely, then it should use DMZ in the place of using the local area network. The use of DMZ also allows giving authorisation to some of its user by which they can access to the data of the organisation (Techtarget, 2018).

    Static IP: Static IP can be defined as the constant IP address which doesn’t change time to time, it remains the same as before.  It is a very useful method for the security reason as the static IP remains constant, only the person who knows the IP address can get access to it. Also, it can be used when a person is away from his system but needs to download any file then basically he just has to go to the IP address and from this, he can get access to the system and can download the files easily. By the use of static IP address instead of dynamic IP address, the accuracy of geolocation is more in static IP. For example, if someone wants to access the system at home, the static IP address can be used. The use of the DNS server is also a part of using the static IP system for the work location (Lifewire, 2018).

     NAT: NAT stands for Network Address Translation. It can be defined as the process of setting a limit for the IP address that can be accessed within the organisation for the purpose of security.  The NAT method of network security is used in the universities and the commercial companies to create a common IP address for the systems of the organisation which can be used by many systems together. For example, if in a home, there is one router for internet then one common IP address will allow all the systems of that home to use that router simultaneously. The use of NAT is very useful as it allows an organisation to use many systems together under the roof of one IP address. It provides network security by hiding all the systems from the external access to the system as the connection with the internet is not directly to the external systems (It, 2017). 

     

    project management assignment help, business management assignment help, business management assignment, management assignment help services, strategic management assignment help, management accounting assignment , management homework help, marketing management assignment help, human resource assignment help, human resource management assignment help, managerial accounting assignment help, management accounting assignment help, financial management assignment help, it management assignment help, project management homework help, hospitality management assignment help, hr management assignment help, operations management homework help, brand management assignment help, database management homework help, financial management homework help, operations assignment help, healthcare management assignment help, write my project management assignment,