Landscape IT Security And Technology †Free Samples For Students

Question: Discuss About The Landscape IT Security And Technology? Answer: Introducation IT security or data security is a major concern in every industry and organization. The data associated with the organization is needed to be protected in order to prevent the origin of information security threat associated with a system. Information technology security or IT security is a process of implementing different measures to protect and safeguard the information associated with the system. Information security management is a procedure of managing an organizations confidential data. IT security management is necessary to manage the risks systematically (Von Solms Van Niekerk, 2013). Information Technology enables a set of strategies used for managing the tools and procedures necessary to detect and prevent the threats associated with the system. In order to manage and protect the business processes and confidentiality of the data, proper information security is necessary. Confidential information associated with a system can be vulnerable to a number of attacks. These attacks include virus and malware attacks apart from hacking, spoofing phishing and so on. In an organization, information technology devices includes, computer and associated devices, servers, routers and switches that manages all the data and information associated with an organization. Information technology security deals with managing and controlling these sensitive data to prevent illegitimate or unauthorized uses. There are a number of ways of maintaining the data security in an organization (Peltier, 2013). Certain organization uses protected network or intranet to share their resources amo ng all the employees of the organization in a secure manner. This ensures that the data is not hacked or misused while transfer and also prevent the unauthorized access. Information Technology management is a complex task, as there is no place for mistake. This is particularly because it is not always possible for the organization or its employees to circulate data only in the organization premises. Features such as data access from remote location, which is a necessity in todays business in prone to attacks as well. Hence, data or information security needs to be properly maintained in an organization. Technology landscape refers to the different things associated with different business. It provides a one to one solution related to any IP goal and is a category of assessments that results in different outcomes depending on the strategy and context the business organization is following. Technological landscape associated with a business is an intellectual property of business intelligence that might be sometimes difficult to understand (CeArley Claunch, 2012). IT Security Models and access controls Security policies associated with an organization deals with the process by which the data of a particular organization is accessed and the level of security required to protect a particular data associated with a system. The security models associated with an organization outlines the process by which the security measures are to be implemented. It also explains the process by which the data can be accessed the actions to be taken to maintain the confidentiality of the data. Security models support the security policies implemented in an organization (Zissis Lekkas, 2012). If the policy requires all the employees to register before providing access to certain system, security models ensures the process by which this authentication can be achieved. Security mainly deals with the availability, integrity and confidentiality of the data. Security models thus play an important role in managing the security essentials associated with an organization. Proper security models are essential to ensure that the confidentially, availability and the integrity of the data is properly maintained in an organization. Access control in the information security system can be defined as the selective restriction of unauthorized user from accessing the system and resources. Access control limits the availability of information only to the specified person and prevents access for the unauthorized users. Access control is enforced in order to protect the confidential data of a system from illegal use. This adds to an additional layer of protection to the data associated with an organization. Moreover, it limits the access to the physical and virtual resources of an organization thus protecting it from theft and misuse (Lin et al., 2012). Access control is generally ensured by protecting a system or resource of virtual information with the help of user id and password. Only the authorized user has knowledge about these two credentials and thus can be accessed only by them. Access control systems forces the users to provide required credentials before the grant of access. The type of credential might be different for accessing the physical resources. Access control of physical resources may include CCTV surveillance, restricted areas and data entry before the access, finger print protection, use of card or key and so on. Access control can be classified into two major types, physical and logical. Physical access control protects the physical resources of an organization such as IT assets, components and so on. Logical physical control deals with protection of certain resources of an organization, which includes, the network connections, data resources, systems files and data (Almutairi et al., 2012). IT security Threat and Risk Assessment Information Security threat can be defined as a possible danger associated with the vulnerability and the data security breach that is capable of causing certain harm to the system. The common information security threats include Denial of service attack, hacking, phishing, ransom ware attack, Spam, Pharming, spoofing and so on. These threats are capable of causing serious harms to the computer system. Threats are an outcome of the different types of attack a computer or Information security system might face or is exposed to. The attack in and information security system can be broadly classifies into active attack and passive attack. An active attack is more dangerous than passive attack as it mainly deals with the data breach and serious loss of information. Passive attack is however, less severe which involves no direct attack but the attacker keeps a track of the system to collect necessary information required to plan and execute an active attack. In passive attack, the system is monitored and thoroughly scanned in order to identify the vulnerabilities of a system. The purpose of passive attack is to gain information of a targeted attack (Crossler et al., 2013). Information Technology risk assessment is a process of identifying and analyzing the risk associated with a system. It is a structured document that reviews the threat associated with a system and differentiate it according to their likelihood of occurrence and then multiplied with their affect on the operation or impact. There are a number of processes associated with the risk management, which includes, identifying the hazards and evaluating the risks associated with the system and records the result in a proper document (Alhawari et al., 2012). This document is updated with the addition or deletion of the associated risks in an organization. This is an effective method of preventing the security problems. Risk assessment according to their priority of occurrence is an integral part of the risk management process. The information security risks deals with the data protection against all the vulnerabilities a system is exposed to. Risk assessment document is maintained in order to t rack, monitor and control the overall risks associated with the information system of the organization. References Alhawari, S., Karadsheh, L., Talet, A. N., Mansour, E. (2012). Knowledge-based risk management framework for information technology project. International Journal of Information Management, 32(1), 50-65. Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., Ghafoor, A. (2012). A distributed access control architecture for cloud computing. IEEE software, 29(2), 36-44. CeArley, D., Claunch, C. (2012). The top 10 strategic technology trends for 2013. The Top, 10. Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., Baskerville, R. (2013). Future directions for behavioral information security research. computers security, 32, 90-101. Lin, G. Y., He, S., Huang, H., Wu, J. Y., Chen, W. (2012). Access control security model based on behavior in cloud computing environment. Journal of China Institute of Communications, 33(3), 59-66. Peltier, T. R. (2013). Information security fundamentals. CRC Press. Von Solms, R., Van Niekerk, J. (2013). From information security to cyber security. computers security, 38, 97-102. Zissis, D., Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.