











































An overview of the various IT security risks faced by modern companies, including system failures, improper data use, denial of service attacks, and human errors. It discusses the process of risk management, including identifying, analyzing, controlling, transferring, and reducing risks. The document also covers IT security solutions such as firewalls, virtual private networks (VPNs), and network monitoring tools. It delves into the importance of ISO 31000 risk management standards and the benefits of IT security audits for organizations. A wide range of topics related to IT security, making it a valuable resource for understanding the challenges and best practices in this field.
Typology: Lecture notes

The achievement and result of this assignment work required a lot of guidance and help from many individuals, and I am extremely fortunate to have had this all along the completion of my assignment work. Whatever I have done is only due to such guidance and help, and I would not forget to thank them. I respect and thank Mr T.Suresh for giving me an opportunity to do this assignment work on time; I am extremely grateful to him for providing such nice support and guidance. I am grateful because I managed to complete this assignment work within the time given by my lecturer. This assignment work could not be completed without the effort and co-operation of my classmates. I would like to express my gratitude to my friends, family and respondents for their support and willingness to spend some time with me.
Table 1 IT security risk
Table 2 advantages
The coronavirus (COVID-19) is already affecting the global economy and market. Conferences and activities are being cancelled by companies. Outsiders are being barred from their campuses. The ability to travel is limited. Companies can also enforce a work-from-home policy in certain cases. Decision-making in the IT and BPO services sectors is stalled, and clients are still cancelling expected contracts. What is the extent of the services industry's disruption? It will have a detrimental effect on sales growth in the coming years, and possibly for many more. New ventures will be scrapped or postponed. This is due to the fact that, first and foremost, businesses cannot purchase complex services without traveling. Second, any major project necessitates executive support and resources, and executives won't have the time to move contracts forward in the coming months. The best-case scenario is that the effect would last only one or two years, with programs and new ventures being postponed and only a small number of new contracts being cancelled.
Security is the prevention of illegal or unwanted penetration of, intentional or unintentional interference with the proper and intended operation of, or inappropriate access to confidential information in industrial automation and control systems.
An uncertain event, activity or situation that can have a positive or a negative effect on any objective.
- Physical risk
- Electronic risk
- Technical risk
- Infrastructure risk
- Human risk
Figure 3 technical risk example
Example: computer parts failure
This could happen through the network connection.
Figure 4 infrastructure risk example
Example: loss of data
Human risk is described as "the risk of people doing things they shouldn't, or not doing things they should."
Figure 5 human risk example
Example: rules mistakes
- System failures
- Improper use of data
- More and more companies are competing to attract customers
- Denial of service
- Hacker's problem
- Natural disasters
- Software failure
- Spam, viruses and malicious attacks
- Human error
For most modern companies, threats and risks to IT systems and information are an everyday reality. A company should put in place safeguards against fraud and hackers to secure its systems and data:
- Computers, servers, and wireless networks should all be secured.
- Anti-virus and anti-spyware software, as well as firewalls, should be used.
- Update applications to the most recent versions on a regular basis.
- Off-site or remote data backups are recommended.
- Keep your passwords secure.
- Staff should be trained on IT policies and procedures.
- Recognize your legal duties as an online business owner.
| Type of risk | Example of risks | Risk solutions | Impact |
|---|---|---|---|
| Physical risk | Flood, human error | We can provide a backup system to keep our data secure | Loss of stock and assets |
| Electronic risk | System failures | It is possible to provide a power supply unit that can hold the power on for 24 hours | Missing or corrupted data |
| Technical risk | Computer parts failures | Having a backup system in place is beneficial | Lost custom and market share |
| Infrastructure risk | Loss of data | Can have a strong network link that does not slow down | Impact on technology team productivity |
| Human risk | Rules mistakes | More training; create a solid recovery strategy | System block |

Table 1 IT security risk
A firewall is a network security mechanism that tracks and controls incoming and outgoing network traffic, allowing or disallowing data packets based on security rules.
Figure 7 firewall
- Block Trojans: a firewall helps to protect against Trojan horses. Such intruders latch onto computer files and then go along for the ride to do more harm at the destination when a file is sent out.
- Monitor traffic: a firewall controls all of the traffic that reaches the computer network.
- Stop hackers: having a firewall keeps hackers out of the network.
- Stop keyloggers: the protection of the firewall reduces the risk of tracking by keyloggers.
- Configuration of a broad policy
- Dangerous rogue facilities and management
- Security methods that aren't industry standard
- The outputs of security devices' logs
- Connection is not possible due to a firewall configuration error.
- There would be less encryption.
- Using the incorrect ports.
- The server relation is incorrect.
- Increased network latency: a longer time for a page to load might mean a higher network latency.
- Application unavailability: high packet losses on the VPN server would have a negative impact on application efficiency.
A DMZ is also known as a perimeter network or a screened subnetwork. It is a physical or logical subnet that separates the local internal network from other untrusted networks. DMZs are meant to act as a kind of buffer zone between the private network and the public internet.
Figure 9 DMZ
- Access control for organizations
- Prevent attackers from performing network reconnaissance
- Protection against IP spoofing
A DMZ is used when connecting hosts to an untrusted external network interface. The DMZ is isolated using a security gateway that filters traffic between the DMZ and the private network. The DMZ also has a security gateway in front of it to filter incoming traffic from the outside network. The primary purpose of a DMZ is to enable untrusted access to resources while maintaining a secure private network. Web servers, mail servers, FTP servers, and VoIP servers are all popular DMZ services.
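The two-gateway filtering described above, as an added example that is not part of the original notes: a small Python model with a default-deny allow-list per gateway and a source-address check against IP spoofing. The address ranges, ports and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): documentation and private ranges.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
# Allow-lists of (src_zone, dst_zone, dst_port); anything else is denied.
OUTER_GATEWAY = {("external", "dmz", 443), ("external", "dmz", 25)}
INNER_GATEWAY = {("internal", "dmz", 443), ("internal", "dmz", 22)}


def zone_of(addr):
    """Map an address to its zone; anything unknown is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def gateways_on_path(src_zone, dst_zone):
    """Return the gateways a new connection crosses between two zones."""
    pair = {src_zone, dst_zone}
    if pair == {"external", "dmz"}:
        return [OUTER_GATEWAY]
    if pair == {"dmz", "internal"}:
        return [INNER_GATEWAY]
    if pair == {"external", "internal"}:
        return [OUTER_GATEWAY, INNER_GATEWAY]
    return []  # same zone: no gateway in between


def decide(ingress, src, dst, port):
    """Decide a new connection that arrives on the `ingress` interface."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone != ingress:
        # Source address does not belong to the interface it arrived on.
        return "deny (spoofed source)"
    for allowed in gateways_on_path(src_zone, dst_zone):
        if (src_zone, dst_zone, port) not in allowed:
            return "deny"
    return "allow"
```

The model covers new connections only; a real stateful gateway would also permit the reply traffic of connections it has already allowed.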
A static IP address is a 32-bit number allocated to a device as its internet address. A static IP address does not change, and in most instances the ISP charges an additional fee for it. Because the number of IP addresses is limited, static IP addresses must be reserved. No matter what the user does, a static IP address will remain the same unless they ask their ISP to modify it.
Figure 10 static IP