Tuesday, May 5, 2020

Security Management IT Related Risk Management

Question: Describe security management for IT-related risk management.

Answer:

Introduction

Security management is the identification of an organisation's assets, followed by the documentation, development and implementation of the policies and procedures that protect those assets. An organisation uses the security management process for risk assessment and risk analysis: to identify threats, rate system vulnerabilities and categorise assets. All of this is done so that effective controls can be implemented in the organisation. An information security management system is a policy framework concerned with information security management, that is, with IT-related risks (Hassan, 2010).

Security threats

The company Boston Dynamics is being attacked by a denial-of-service (DoS) threat, which targets machines or network resources. It temporarily interrupts or suspends a service or host that is connected to the internet. Denial of service is typically accomplished by flooding the targeted machine or resource. This attack compromises the company's security. It has been carried out by a competitor: Boston Dynamics was making a good profit, the competitor is jealous of it, and so it attacks Boston Dynamics to spoil the company's work (Kosch, 2009).

Denial of service

When a denial-of-service attack hits a computer, the network performance of the machine becomes slow. The organisation's website does not work properly and there are problems accessing it. A large number of spam emails is received by the company's email site. The internet service is also affected. A denial-of-service attack is a type of network attack designed to target a network or machine with a huge amount of useless traffic, which overloads it and eventually brings it to its knees.
The main intention of a DoS attack is to make the services on the target machine temporarily unavailable to its legitimate users. DoS attacks are generally carried out against web servers that host important services such as banking, e-commerce or credit-card processing (Needham, 1993).

1. Steps involved in the attack

The attacker uses a denial-of-service attack, which damages the computer and disrupts the company's network security. This is a very common attack: it can hit any network and creates problems for the organisation. While researching denial of service, I found that in America the 911 emergency response system has been hacked by this attack. The attack mainly harms the company because the hacker obtains all the company's information, creates various problems on the company website, and sends spam emails to the company's clients, which gives the company a bad name. The consequences of this attack are that it slows down the network performance and resources of the company and sends various spam emails to clients.

To stop this denial-of-service attack, Boston Dynamics has to adopt a security management process that protects the company and its documents from being hacked or attacked by any threat. The company's infrastructure is divided into three parts: the corporate environment has 12 staff overall, the IT department has 3 staff, and some staff are dedicated to network security. All the staff of Boston Dynamics should work honestly, without doing any illegal task within the organisation; for example, they should not give security codes and vital information to members of any other company. It is the responsibility of all the staff to work for the company trustworthily and not to compromise the company's security. To look after the company, the CEO should keep an eye on all the staff and their work.
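The denial-of-service attack described above shows up as a flood of useless traffic that slows the network and takes the website down. As an added example that is not part of the original post, the Python script below parses web-server access-log lines and flags any source, or any one-minute window, whose request count exceeds a threshold; the thresholds, IP addresses and log lines are constructed here for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return ip, timestamp and status for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "status": int(m.group("status"))}


def find_floods(log_text, window_seconds=60, max_per_source=100, max_total=500):
    """Count requests per fixed time window and return alerts for any source or
    whole window above the thresholds (threshold values are assumed, not measured)."""
    per_source = defaultdict(int)  # (window_start, ip) -> request count
    per_window = defaultdict(int)  # window_start -> request count from all sources
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparsable lines instead of crashing on them
        window = int(rec["ts"].timestamp()) // window_seconds * window_seconds
        per_source[(window, rec["ip"])] += 1
        per_window[window] += 1
    alerts = []
    for (window, ip), n in sorted(per_source.items()):
        if n > max_per_source:
            alerts.append(("source_flood", window, ip, n))
    for window, n in sorted(per_window.items()):
        if n > max_total:  # catches a distributed flood where no single source stands out
            alerts.append(("total_flood", window, None, n))
    return alerts


def make_sample_log():
    """Constructed sample: one normal client plus one source sending 240 requests in 24 s."""
    fmt = '{ip} - - [05/May/2020:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {code} 512'
    lines = [fmt.format(ip="198.51.100.7", sec=i * 10, path="/products", code=200) for i in range(5)]
    lines += [fmt.format(ip="203.0.113.5", sec=i // 10, path="/", code=503) for i in range(240)]
    return "\n".join(lines)
```

Running `find_floods(make_sample_log())` returns a single `source_flood` alert for 203.0.113.5 with 240 requests; lowering `max_total` below 245 instead produces a `total_flood` alert, the case that matters when the flood comes from many sources.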
The aim is to see whether they are passing any vital information of the company to outsiders. So the security codes for documents should not be disclosed to all the staff.

Training

The workers need to be properly trained against every kind of threat. They must be aware of internal as well as external threats which may cause trouble for the organisation. According to our findings, if any security mishap happens it will be due to human error; most of the workers showed inability and a lack of knowledge about security issues. Establishing a proper security culture, along with a well-designed working culture, would help the organisation create awareness and seriousness among employees. The checklist is mainly used to determine the involvement of human error, now or in future. The questionnaire will be used to determine the human safety measures in the organisation. According to the IT security protocol of ISO 27002, the human resources of an organisation must be aware of internal and external threats. I will determine the involvement of human error in the audit so that the organisation can take the necessary steps to eliminate possible human error in its functioning.

Checklist

The risk assessment team makes a checklist of the aspects required for a proper assessment. The checklist covers the primary and secondary aspects of the organisation and the steps required for the audit. The assessment checklist consists of structured questionnaires or the work plan which we will implement for the audit of the organisation. The checklist will take in the present EMEA security guideline and its findings on the security of the organisation. The checklist is primarily needed to guide the audit team by referencing predefined criteria for the audit. It will involve the auditors in the internal audit functions and in checking the criteria that apply to the organisation (Derogatis, 1980).

Threats

In a computer or machine, security threats are the most dangerous things: they exploit vulnerabilities to breach security and harm the machine as well as the company. Threats can be intentional or sometimes accidental, arising during some event or action (Young, 2009).

Types of threats

Some of the common threats seen on computers are: viruses, which affect the computer's programs and also slow the computer down; worms, a type of malware that uses network resources to spread, spreads very fast and affects the whole computer; Trojans, which infect the computer on behalf of an unauthorised user, mainly arrive bundled with other software and affect the computer; and riskware, which is not a virus but carries some potential threat of its own. The presence of these threats puts the computer at risk (Parker, 1973).

4. Information security policy, ethics and legal aspects

The company wants to implement security management that can clear up the attack and protect the company from future attacks. So the company needs to make a plan for how to implement it, and should provide proper security training to all staff so that they can work well and protect the network and resources from being attacked by the competitor. The best security management for Boston Dynamics would be to implement software that protects the machines they use: for example, an ID-and-password system on each machine together with software that randomly changes the password every 30 minutes, the new password being known only to the user of the machine. Then all the email and websites will also be protected, nobody will be able to hack the information, and nobody will have permission to open the machine except the particular person who uses the company's network and machine.

ISO 27002 guidelines

ISO 27002 is a security standard issued by the International Organization for Standardization.
It is a practice manual for all companies concerned with the security of information technology. It contains security measures and techniques. It was first introduced by Shell and later adopted by the British standards council and by ISO. It has three main security guideline areas: physical and environmental security, human resource security, and access control. So Boston Dynamics should also use this guideline to have security in the company (Disterer, 2013).

The company provides proper training for the work to its staff; along with that, the company should provide training in ethics and legal aspects. The company should make policies which all staff must follow. Everyone has some ethics in their organisation, and there are also rules and regulations that should be followed. Other than this, I think every member of staff should feel proud to be a member of the company and do their tasks trustworthily without harming the company's work.

Conclusion

The assessment of the company was done by the IT staff of Boston Dynamics. The company is a robotics company named Boston Dynamics. It builds advanced robots for different purposes according to the client's requirements. The company works internally and delivers the robot after proper testing and checking of the algorithm. It has three infrastructure parts with different staff: 12 staff for the corporate environment and 3 staff for IT, and they all do the assessment for the company. It was found that the company has been attacked by denial of service, which slows down the network performance whenever it hits any of the company's networks. Because of this attack, the organisation's website does not work properly and there are problems accessing it. A large number of spam emails is received by the company's email site. The internet service is also affected.
A denial-of-service attack is a type of network attack designed to target a network or machine with a huge amount of useless traffic, which overloads it and eventually brings it to its knees. The main intention of the DoS attack is to make the services running on the target machine temporarily unavailable to its users. So the risk assessment team makes a checklist of the aspects required for a proper assessment. The checklist covers the primary and secondary aspects of the organisation and the steps required for the audit. The assessment checklist consists of structured questionnaires or the work plan which we will implement for the audit of the organisation. The checklist will take in the present EMEA security guideline and its findings on the security of the organisation. So the company decided to use the ISO 27002 guidelines, a security standard issued by the International Organization for Standardization. It is a practice manual for all companies concerned with the security of information technology. It contains security measures and techniques. It was introduced by Shell.

References

Needham, R.M., 1993, December. Denial of service. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 151-153. ACM.
Wood, A.D. and Stankovic, J.A., 2002. Denial of service in sensor networks. Computer, 35(10), pp. 54-62.
Kosch, T., Kulp, I., Bechler, M., Strassberger, M., Weyl, B. and Laskowski, R., 2009. Communication architecture for cooperative systems in Europe. IEEE Communications Magazine, 47(5), pp. 116-125.
Hassan, A. and Bahgat, W., 2010. A framework for translating a high level security policy into low level security mechanisms. Journal of Electrical Engineering, 61(1), pp. 20-28.
Young, J.R., 2009. Top 10 Threats to Computer Systems Include Professors and Students. Education Digest: Essential Readings Condensed for Quick Review, 74(9), pp. 24-27.
Parker, D.B., 1973. Threats to computer systems (No. UCRL-13574). California Univ. Berkeley, Lawrence Livermore Lab.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management.
Radovanović, D., Radojević, T., Lučić, D. and Šarac, M., 2010, May. IT audit in accordance with Cobit standard. In: MIPRO, 2010 Proceedings of the 33rd International Convention, pp. 1137-1141. IEEE.
Derogatis, L.R., Lipman, R.S., Rickels, K., Uhlenhuth, E.H. and Covi, L., 1974. The Hopkins Symptom Checklist (HSCL): A self-report symptom inventory. Behavioral Science, 19(1), pp. 1-15.
Vorobiev, A. and Han, J.H.J., 2006, November. Security attack ontology for web services. In: Semantics, Knowledge and Grid, 2006. SKG'06. Second International Conference on, pp. 42-42. IEEE.
Skorin-Kapov, N., Chen, J. and Wosinska, L., 2010. A new approach to optical networks security: attack-aware routing and wavelength assignment. IEEE/ACM Transactions on Networking, 18(3), pp. 750-760.
Converse, K. and Edmark, R., International Business Machines Corporation, 2001. Web server intrusion detection method and apparatus. U.S. Patent Application 09/810,028.
