Monday, May 4, 2020
IT Risk Management for Data Security- myassignmenthelp.com
Question: Discuss about theIT Risk Management for Data Security. Answer: Introduction Data security is very much vital in every aspect of living. As a result of the massive breaches in the data by major corporations with respect to every industry data security is a talk of the tech world. The impact of the data securities can be of very much importance due to the factor of economic and reputation impact it causes (Carver, Minku Penzenstadler, 2017). This factor is the main reason of a massive shift going on in the world today. The different security point features that are available such as firewalls can be of very much benefit as they not only provide security but also take action to address the threats. There can different situation where a person wants to access a data on a network drive but does not have access to it. This happens at most appropriate time and as a result of which they need to get holds of the system administrator in order to grand them the permission. Access point is basically a technique of identifying a person doing a specific task or job which can be authenticated by looking at their identification with respect to which the access can be given. Information security model can be related to methods that are used in order to authenticate security policies as they are intended to provide a precise set of rules that a computer must follow (Angst el al., 2017) Security threads and risk assessment should be incorporated when there is a developing or implementing major changes to or acquires an information system. These are the basic components of the overall risk management aspect (Karim et al., 2017) IT Security Technology Landscape In recent times the information technology security lags behind and there is a huge mismatch on what the customer expect it to give and what the security technology delivers to them. From the point of view of the customer the security should be protecting an enterprise against any thread that can cause harm to it. On the other hand the security aspects should be easy to implement as should be considered as an easy approach. The gap which is created is lagging for a long time because the security industry is more focused on the point solution creation rather than holistic answer to any aspect regarding to the security issue (Moncayo Montenegro, 2016). So, there is a massive shift of security aspect that must be deployed in order to approach and resolve the overall security aspect as well as the technology landscape. IT Security Models Access Controls The models to the It security model gives a large scale of idea about the basic rules that should be followed by a computer to in order to implement the fundamental security concepts involved in it. The basic models are stated below: State machine model: according to this model a state is a systems snapshot at a specific time incident. The state machine model derives from the computer science definition which can be related to finite state machine ( FSM), which is meant to integrate an external input with an internal machine state in order to model all the system types which may include a decoder, parser and an interpreter. The main transition takes place when accepting or producing output and this always results in a new state. Bell- Lapadula Model: this model was mainly developed in order to formulize the U.S department of defense (DoD) multi level security policy. This model classifies the resources into major four parts as unclassified, confidential, secret and top secret. The model can be implemented in such a way that an individual cleared for the security level only has access documents labeled secret. This merely means only those resources are available to the concerned person who needs access to that particular resource and not all the resource. Access point mainly deals with the permission of a particular person in order to access specific information. The access control model has mainly four aspects mandatory access control (MAC), rule and based access control (RBAC or RB-RBAC) and discretionary access control (DAC). These all model address a specific point of access to an individual. A person cannot merely access each and every point (De Smet Mayer, 2016). Only if an individuals identification credentials are valid they would be allowed to pass through the information on the data. This aspect plays a vital role in the security of the data from unwanted personals accessing them (Buttyn, Flegyhzi Pk, 2016). IT Security Threat and risk assessment IT security threat can be described as anything that would be directly contributing to the destruction, tampering or interruption of any service related aspect. Threats merely always go with vulnerability which can be graded in a similar manner which can be measured in term of capability and motivation. The vulnerability aspect analysis phase may include testing with the objectives something which can be related to value for example text file, classification document or password file (Buttyn, 2016). It should be noted that this should be pre determined with the senior management who are concerned the security aspect related to any field. The assessment of the risk plays an important role the risk can be factored in various conditions and the assessment of the risk accordingly can decrease the effect of the risk and eventually decrease it. The level of protection and maintenance would be different in different areas. The measure would directly be depending upon the size of the IT depa rtment (Loonczi, Ne?as Na?, 2016). Conclusion It can be concluded from the report that the threads and the various aspects is not a mean of end at any point. It is merely a continous process which has ones started and would continue in the near future. The risk factors should be evaluated according and necessary actions in order to minimize the risk associated with the different scenario should be identified in order to decrease the overall affect of the risk. All security devices and control are very much important but they should be framed in a large picture always. References Angst, C. M., Block, E. S., DArcy, J., Kelley, K. (2017). When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly. Buttyn, L. (2016). Introduction to IT Security. Buttyn, L., Flegyhzi, M., Pk, G. (2016). Mentoring Talent in IT Security-A Case Study. In ASE@ USENIX Security Symposium. Carver, J. C., Minku, L. L., Penzenstadler, B. (2017). Requirements, Human Values, and the Development Technology Landscape. IEEE Software, 34(1), 13-15. De Smet, D., Mayer, N. (2016, October). Integration of it governance and security risk management: A systematic literature review. In Information Society (i-Society), 2016 International Conference on (pp. 143-148). IEEE. Karim, N. S. A., Saba, T., Albuolayan, A. (2017). Analysis of software security model in scenario of Software Development Life Cycle (SDLC). Journal of Engineering Technology (ISSN: 0747-9964), 6(2), 304-316. Loonczi, P., Ne?as, P., Na?, N. (2016). RISK MANAGEMENT IN INFORMATION SECURITY. Journal of Management, (1), 28. Moncayo, D., Montenegro, C. (2016, October). Information security risk in SMEs: A hybrid model compatible with IFRS: Evaluation in two Ecuadorian SMEs of automotive sector. In Information Communication and Management (ICICM), International Conference on (pp. 115-120). IEEE.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.