






Security assignment (BTEC and others)
Typology: Study Guides, Projects, Research







3 Task 3.1 Risk management procedure for EMC Cyber Solutions to safeguard itself and its clients

3.1.1 Risk Assessment
Risk assessment is the process of identifying potential hazards and analysing what might happen if a hazard occurs. Business Impact Analysis (BIA) is the process of identifying the potential impacts that result from the disruption of time-sensitive or critical business processes. (ready.gov, 2021)

3.1.2 Risk Assessment Framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritising and communicating the security risks posed by an organization's information technology. The information should be presented in a form that both technical and non-technical staff can understand. An RAF helps an organization identify and rank the low- and high-risk areas of a system that may be vulnerable to abuse or attack. (techopedia, 2017)

Types of Risk Assessment Framework
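The ranking step that an RAF performs can be made concrete with a small risk register scored on a likelihood-by-impact matrix, with the BIA's recovery time objective (RTO) used to break ties between risks of equal score. The code below is an added example written for this page, not part of the original assignment or of any vendor framework; the five-point rating scales, the band thresholds (low below 8, medium from 8, high from 15) and the sample register for EMC Cyber Solutions are all constructed assumptions.

```python
"""Qualitative risk scoring for a small risk register (added example, not from the page).

Each risk is rated on a 1-5 likelihood scale and a 1-5 impact scale; the
score is their product (a 5x5 risk matrix). The BIA supplies the recovery
time objective (RTO) of the business process that depends on the asset, and
risks with equal scores are ordered so the most time-sensitive process comes
first. Scales, band thresholds and the sample register are assumptions.
"""
from dataclasses import dataclass

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: str   # key of LIKELIHOOD
    impact: str       # key of IMPACT
    rto_hours: int    # from the BIA: how long the dependent process may be down

    def __post_init__(self) -> None:
        # Reject ratings outside the agreed scale so a typo cannot silently
        # drop a risk to the bottom of the list.
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood rating: {self.likelihood!r}")
        if self.impact not in IMPACT:
            raise ValueError(f"unknown impact rating: {self.impact!r}")
        if self.rto_hours <= 0:
            raise ValueError("rto_hours must be positive")


def score(risk: Risk) -> int:
    """Risk matrix score: likelihood rating times impact rating (1..25)."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def band(s: int) -> str:
    """Map a matrix score onto the three bands used in the report (assumed thresholds)."""
    if s >= 15:
        return "high"
    if s >= 8:
        return "medium"
    return "low"


def prioritise(register: list[Risk]) -> list[Risk]:
    """Highest score first; among equal scores, the shortest RTO first."""
    return sorted(register, key=lambda r: (-score(r), r.rto_hours))


def assess(register: list[Risk]) -> list[tuple[str, str, int, str]]:
    """Return (asset, threat, score, band) rows in treatment priority order."""
    return [(r.asset, r.threat, score(r), band(score(r))) for r in prioritise(register)]


# Constructed sample register for the fictional EMC Cyber Solutions.
SAMPLE_REGISTER = [
    Risk("Office printers", "Default admin password left in place", "almost certain", "minor", 72),
    Risk("Staff laptops", "Theft of an encrypted device", "likely", "minor", 48),
    Risk("Client VPN gateway", "Unpatched remote code execution flaw", "likely", "severe", 4),
    Risk("Website CMS", "Stored cross-site scripting", "likely", "minor", 24),
    Risk("Backup server", "Ransomware encrypting backup sets", "possible", "severe", 8),
]

if __name__ == "__main__":
    for asset, threat, s, b in assess(SAMPLE_REGISTER):
        print(f"{b:6} {s:2}  {asset}: {threat}")
```

Running the block prints the register in treatment order: the VPN gateway (score 20) and the backup server (15) land in the high band and are handled first, the printers (10) follow, and the CMS and laptops tie at 8, with the CMS listed first because its 24-hour RTO is shorter. The point of scoring before treating is exactly the RAF's goal: a non-technical reader sees the same ordering the engineers will work from.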
For a small change in a risk factor, a given risk measure usually has a predictable effect on profit and loss (P&L). Such measures can also describe the degree of volatility in the P&L. For example, the risk of a stock investment can be measured as the effect on gains and losses of a one-unit change in the S&P 500 index, or as the standard deviation of a particular stock. Common comprehensive risk measures include value at risk (VaR), earnings at risk (EaR) and economic capital. Alongside these measures, techniques such as scenario analysis and stress testing can also be used.
3.1.6 Comment on IT Security & Organizational Policy

3.1.6.1 IT Security Audit
An IT security audit is a comprehensive study and assessment of a company's information security system. Regular audits help identify weaknesses and vulnerabilities in the IT infrastructure, validate security controls, ensure regulatory compliance, and more. (Tierney, 2020)

Process of IT Security Audit
Train employees on security requirements and security awareness. Implement additional, more advanced methods for handling sensitive data and for recognising the signs of malware and phishing attacks. Acquire new technologies to strengthen existing systems, and regularly monitor the infrastructure for security threats. (Tierney, 2020)

Types of IT Security

Network security
Network security is used to prevent unauthorized or malicious users from getting inside the network, so that usability, reliability and integrity are not compromised. It is needed to stop an attacker from accessing data on the network and from degrading users' ability to access or use the network. Network security is becoming an increasingly complex challenge as companies increase the number of endpoints and migrate services to the public cloud.

Internet security
Internet security covers the protection of information sent and received in browsers, as well as network security involving web-based applications. These protections are designed to monitor incoming Internet traffic for malware and unwanted traffic, and can take the form of firewalls, anti-malware and anti-spyware.

Endpoint security
Endpoint security provides protection at the device level. Devices that may be secured by endpoint security include mobile phones, tablets, laptops and desktop computers. Endpoint security prevents these devices from accessing malicious networks that could pose a threat to the organization. Advanced malware protection and device management software are examples of endpoint security.

Cloud security
Applications, data and identities are moving to the cloud, which means users connect directly to the Internet and are not protected by the traditional security stack. Cloud security helps secure the use of software-as-a-service (SaaS) and public cloud applications. A Cloud Access Security Broker (CASB), a Secure Internet Gateway (SIG) and cloud-based Unified Threat Management (UTM) can be used for cloud security.

Application security
With application security, applications are specifically coded at the time of their creation to be as secure as possible, so that they are not vulnerable to attack. This additional layer of security involves evaluating the application's code and identifying vulnerabilities that may exist within the software. (cisco, 2021)

3.1.7 Organizational Policy
A policy is a set of general guidelines that outlines an organization's plan for tackling an issue. Policies communicate the connection between an organization's vision and values and its day-to-day operations. (i-sight, 2021)

3.1.8 Advantages of IT Security Audit
them question the misuse of their data and seek remedies. The Act is enforced by the Information Commissioner (the "Commissioner"). It stipulates that any individual or organization holding personal data on a computer or in certain manual filing systems (or processing such data on a computer) must comply with the eight data protection principles and notify the Commissioner of the processing that will take place. Failure to notify is a criminal offence. However, the Act contains many exemptions from the notification requirement for individuals and organizations that make only limited use of personal data; the Commissioner has published a self-assessment guide for determining whether notification is required. Remedies for misuse of personal data include compensation where an individual suffers damage, the correction or destruction of inaccurate data, and the right to ask the Commissioner to assess whether the Act has been breached.

Principles of Data Protection Act (DPA) 1998
Having seen the changes from the DPA 1998 to the 2018 legislation, it is worth noting that the following seven principles are intended to form the basis on which organizations build all of their data protection practices. As of 2020, every organization that processes personal data must understand and comply with these increasingly widespread data protection principles.
Since the DPA 1998 had no equivalent principle, the accountability principle is new: it requires organizations to take responsibility for the personal data they process and for their compliance with the other six principles, and to keep appropriate records and take appropriate measures to demonstrate that compliance. (hutsix, 2021)

3.2.1.2 Data Protection Act 2018
The current version of the Data Protection Act was introduced in May 2018.
Principles of Data Protection Act 2018
Principles of the Personal Data Protection Act 2012
The PDPA imposes the following data protection obligations on organizations in relation to their data activities:
3.2.4 ISO 31000 Risk Management Methodology
The long-term success of an organization depends on many things, from continually assessing and updating its offering to optimising its processes. As if that were not enough, it must also account for the unexpected when managing risk. That is why ISO 31000 for risk management was developed. Besides supporting business continuity, ISO 31000 provides a level of reassurance in terms of economic resilience, professional reputation, environmental performance and safety. In a world of uncertainty, ISO 31000 is designed for any organization that wants clear guidance on managing risk. (iso, 2021)

Can organizations become ISO 31000 certified?
ISO 31000, "Risk management - Guidelines", sets out the principles, framework and process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help an organization increase the likelihood of achieving its objectives, improve the identification of opportunities and threats, and allocate and use resources for risk treatment effectively. However, ISO 31000 cannot be used for certification purposes; it provides guidance for internal or external audit programmes. Organizations that use it can benchmark their risk management practices against an internationally recognised standard, providing sound principles for effective management and corporate governance. (iso, 2021)

ISO 31000 Risk Management Process