2013
Term Paper: Redesigning Security Operations
1. Identify what you perceive to be the five (5) most concerning threats to the network, computing environment, and the database operations of the company
Data security threats:
Data faces many threats in various forms; it can be accessed by unauthorized people who can misuse it and damage the company. Here is a series of potential risks and attacks that the data could face:
Data tampering: for the data to be secure, it is essential that it not be modified or viewed by anyone. In the environment, some external parties can compromise the data by intercepting it in transit and changing parts of it before it is retransmitted.
Data theft: for
External threats: outsiders who have potential access to the server or database can damage the computer and data. They are expert people who break into the network, mainly from the internet.
3. Design the security controls to mitigate the risks involved
To control the risk, the following mechanisms will be more effective, as management must design the control environment together with the assessment of control risk. It is therefore essential for higher management to look at the ground level and formulate policies, guidelines and procedures that fit the environment and are more helpful in mitigating the associated risks.
* Environmental control
* Preventive maintenance
* Physical security
* Personal control
* Environmental change
* Information control
* User support
* Some control over output
* Event management

Therefore, risk mitigation aims at reducing some of the internal and external threats which can hinder the performance of the organization. Risk mitigation thus focuses on the use of structured policies and guidelines for the entire system to be installed on the network. Thus management should favor the control
Risk monitoring and control is the next step and involves the owners of the risks to monitor various risk triggers. This works by scanning the project environment for both identified and unidentified threats and opportunities much like a radar screen (Marchewka, 2009). This approach directly relates to how to respond to the risk. Risk response allows the owner of the risk to commit resources and take actions once the risk is known or opportunity is available. This action usually follows the planned risk strategy.
Usually, the most common risk management strategies can be subdivided into a multi-stage approach in order to obtain a better impression of the underlying risks and thus to increase the probability of mitigating the firm’s risks properly and successfully. General Motors Corporation has also developed various rules and guidelines to help manage and minimize the risks associated with their business and investment operations.
1st known threat: The first known threat that a server can have is DDoS attacks. I would rate DDoS as a 4 out of 5 because if your company is well known, it is likely that you will come across DDoS attacks. Overall I would rate this as a 5 because DDoS can really slow down or shut your company down and deny access to your server. A DDoS should be a high risk because it can happen at any time; it also shows where your vulnerabilities are.
The next step is to identify the risks, threats and vulnerabilities. Hacker attacks from the Internet, failures of hardware or software systems, and network outages are the most common threats. Common vulnerabilities are the absence of firewall and antivirus software, the absence of update patches, inadequately trained associates, etc.
Data confidentiality is one of the three main IT security components, which are data confidentiality, integrity, and availability (CIA). To keep your data confidential means to protect your data from unauthorized access. In other words, sensitive data is stored in a protected system that keeps this information away from attackers, and data confidentiality measures the ability of the system to protect its data.
6. Which domain represents the greatest risk and uncertainty to an organization? I would say the user for the simple fact that most people are not educated about security risks that they may or may not do.
Data Innovations Office facilitates cross-sector analytical insight generation to drive competitive value and optimize the use of its resources and financial assets. Under the Chief Data Officer’s leadership this office provides analytical services to many other business units. An agency relationship exists between Data Innovations Office and all other business units who use its services. At the same time, this office employs services of third party business analytics service providers. At times, the third party companies may need a database to create solutions which pose a great value. They might not be able to generate these databases on their own due to sheer volume of data and lack of very expensive data processing environments. Although these companies are hired to provide services solely for the interest of the principal – in our case Citigroup- they might see a potential to profit from selling their findings to other corporations. The principal limits such behavior by establishing appropriate incentives for the agent through the Master Service Agreements and by incurring monitoring costs. A non-disclosure agreement is also signed by the agent to legally prevent them from releasing any of their findings.
1. What are some of the emerging IT security technologies that should be considered in solving the Problem related to the case?
Think of your organizational assets from the eyes of an attacker motivated by crime, espionage, hacktivism and even warfare. In other words, what are our Top Threats and how do we know? Interview the Chief Risk Officer and Business Unit leadership and ask them “what keeps you up at night?”. Then tie these answers to Corporate objectives and strategies in a Risk Register.
Once there has been a risk management assessment, we can know exactly what to expect and what can be done to prevent any type of risk. We will also know how to deal with any risk while it is happening to contain it.
Data systems such as the web application and data servers face a number of threats; some of these are discussed below:
One well accepted description of risk management is the following: risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. In order to apply risk management effectively, it is vital that a risk management culture be developed. The risk management culture supports the overall vision, mission and objectives of an organization. Limits and boundaries are established and communicated concerning what are acceptable risk practices and outcomes. Since risk management is directed at uncertainty related to future events and outcomes, it is
There are a great number of security risks that could threaten the computer infrastructure. Below are the top 5: