Critically analyse the various approaches for Mitigating Security Risk, Including when to use Insurance to transfer IT risk.
Data protection is an important part of an organization's development in the market. There are various risks and security threats to data and information.
This report deals with the IT security landscape, IT security models and controls, and IT security threat and risk assessment.
It outlines how these three topics in the business organization help in the development of the company in the market. There are also various techniques for initiating the risk assessment process in the organization.
IT security and Technology landscape
IT security and technology have helped companies maintain the security of their data and information in the market (Ackermann, 2012). Company data and information has been used in the market for various purposes, so there is a great need to secure it. The IoT has helped in providing security to the data and information of the company in the market. Cyber-insurance is a term used for recovering data and information from being lost. There are many cases in which data and information has been recovered by companies in the market (Bojanc & Jerman-Blažič, 2013). Various protocols help in recovering the data and information. On the other hand, Rieke et al. (2012) argued that there is very little chance of recovering lost data and information: a company's lost data and information cannot be recovered, and recovery is a complicated process. IT security and risk management has focused on maintaining the process of retrieving the company's data and information.
IT Security Models and Access controls
There are various access control models in IT that help in controlling data and information in companies.
Role-based Access control
The role-based access control (RBAC) model consists of roles that permit various jobs to users. It was developed to overcome the administrative problems encountered in large commercial companies. Most decision making is done with the help of the DAC method. The RBAC model is a hierarchical model that helps in maintaining a role model in the field of IT security (Jaferian et al., 2014). It therefore helps in reviewing and relocating the permissions of the company. It relates to the cost-benefit analysis of the company's data and information in the market. The RBAC model can control the security of the company's data and information by controlling access to the elements in the company. Securing data and information from cyber-attacks is the topmost priority for the company in the market; there have been several cases of cyber-attacks that caused huge data loss to different companies. On the other hand, Rieke et al. (2012) argued that the RBAC model is not able to control the number of cyber-attacks, as the protocols used in this model are of an older version. Therefore, viruses and malware can easily penetrate the security systems in this model, which has been a great loss to the company using this model. The RBAC model has also helped in maintaining the growth of the company in various fields by securing its data and information (Peltier, 2016). The hierarchical order of the model has helped in enhancing its performance in the market.
Figure 1: RBAC model
(Source: Jaferian et al., 2014)
Figure 2: IT security and access control framework
(Source: Ackermann, 2012)
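The hierarchical role model and the permission review described above can be made concrete with a short sketch. This is an added example, not taken from the report or its sources; the role, user and permission names are constructed, and the separation-of-duties check in `review` is an assumption that goes slightly beyond the text to show what a permission review looks for.

```python
# Added example: hierarchical RBAC with inherited permissions and an access review.
# All role, user and permission names below are constructed for illustration.

# Permissions granted directly to each role.
ROLE_PERMS = {
    "employee": {"timesheet:read"},
    "accountant": {"ledger:read", "ledger:write"},
    "finance_manager": {"payment:approve"},
    "auditor": {"ledger:read", "audit_log:read"},
}
# Hierarchy: each senior role inherits everything its junior roles hold.
ROLE_JUNIORS = {
    "accountant": {"employee"},
    "finance_manager": {"accountant"},
    "auditor": {"employee"},
}
USER_ROLES = {"alice": {"finance_manager"}, "bob": {"accountant"}, "carol": {"auditor"}}


def effective_roles(role, seen=None):
    """Return the role plus every junior role reachable through the hierarchy."""
    seen = set() if seen is None else seen
    if role in seen:  # guard against a cycle in a misconfigured hierarchy
        return seen
    seen.add(role)
    for junior in ROLE_JUNIORS.get(role, ()):
        effective_roles(junior, seen)
    return seen


def effective_permissions(user):
    """Union of direct and inherited permissions over all of the user's roles."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        for r in effective_roles(role):
            perms |= ROLE_PERMS.get(r, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: unknown users, roles or permissions yield False."""
    return permission in effective_permissions(user)


def review(conflicting_pairs):
    """Access review: users whose effective permissions combine a conflicting pair."""
    findings = []
    for user in sorted(USER_ROLES):
        perms = effective_permissions(user)
        for a, b in conflicting_pairs:
            if a in perms and b in perms:
                findings.append((user, a, b))
    return findings
```

Calling `review([("ledger:write", "payment:approve")])` flags `alice`: she was never granted `ledger:write` directly, but inherits it through the hierarchy, which is the kind of accumulation a periodic permission review is meant to surface.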
IT security Threat and risk assessment
IT security and threat management is an integral part of the company that needs to be measured. Various risks are listed in the table below.
· Theft (electronically and
· Non-technical staff
· Inadequately trained IT staff
· Backup operators
· Technicians, Electricians
· Lightning strikes
· Air (dust)
· Heat control
Table 1: List of Risks
Risk assessment is a method for identifying the risks involved in IT companies in the market. The table above shows the different risks to which IT companies can be vulnerable. Risk assessment helps in analyzing various aspects of the risks in the company. The risk assessment procedure includes identifying the risks involved in the company and making strategies to mitigate these risks. Various levels of risk are taken into account, including high-level, medium-level and low-level risks. The vulnerabilities to threats in IT companies are drawn out by the risk assessment process. It is the mechanism for reducing the risk of data loss in the company. There are several processes to control cyber-attacks in companies. Firewalls are used to restrict anonymous viruses and malware. Various intrusion detection systems are installed in the company that help in controlling cyber-attacks. The use of updated firewalls and anti-virus software helps in reducing the risk of cyber-attacks on the server of the company (Vacca, 2012). Proper risk management has helped in tracking these activities over the Internet and keeping the company free from cyber-attacks. Hackers are restricted from entering the security firewall of the server.
It can be concluded that IT security and technology have helped companies maintain the security of their data and information in the market. Company data and information has been used in the market for various purposes, so there is a great need to secure it. The RBAC model has helped in maintaining IT security and access control in the company.
Ackermann, T. (2012). IT security risk management: perceived IT security risks in the context of Cloud Computing. Springer Science & Business Media.
Bojanc, R., & Jerman-Blažič, B. (2013). A quantitative model for information-security risk management. Engineering Management Journal, 25(2), 25-37.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014). Heuristics for evaluating IT security management tools. Human–Computer Interaction, 29(4), 311-350.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Rieke, R., Coppolino, L., Hutchison, A., Prieto, E., & Gaber, C. (2012, October). Security and Reliability Requirements for Advanced Security Event Management. In MMM-ACNS (pp. 171-180).
Vacca, J. R. (2012). Computer and information security handbook. Newnes.