
ITC596 IT RISK MANAGEMENT

ASSESSMENT ITEM 3

Table of Contents
EXECUTIVE SUMMARY
OVERVIEW OF THE ORGANIZATION
THREATS, VULNERABILITIES AND CONSEQUENCES
THREAT AGENTS AND RISK IN ORGANIZATION
IT BASED SOLUTIONS AND ITS IMPACT
PROTECTION MECHANISM IN INFORMATION SECURITY
CONCLUSION
REFERENCES

EXECUTIVE SUMMARY
This report conducts a risk analysis of the technology used in a small IT software
company. The organization analyzed is a small software house that develops innovative
software intended to help future environments run to a good plan. The report describes the
organization's administration and infrastructure together with the threats and
vulnerabilities they face. It presents the risks and their mitigation, along with the threats
and their consequences for the innovative software. The protection mechanisms are analyzed
for their security purpose and their impact on the organization. Privacy and security are not
affected by the created software, since it is used to store confidential data. The report
therefore gives a brief description of the protection mechanisms and the risks covered by
the organization.

OVERVIEW OF THE ORGANIZATION


This overview shows how risk can be reduced for the organization's innovative
software built with new technology. The innovative software is created by the small software
house for future generations. Documentation and code are stored over the organization's
internet connection in a public way. Integrity and confidentiality are the most important
requirements when developing software in which the company has invested. The staff know the
admin password and are therefore responsible for management and the server infrastructure.
The organization has no separate administrator to oversee these processes; the staff handle
the processes and the admin duties themselves. Administration is lacking in the
organization.

Employees are allowed to access the internet, although some sites are restricted. The
organization, which develops the innovative software, includes departments such as legal,
finance, human resources, management, and research and development. It has neither an
on-boarding nor an off-boarding process, and it has no policy framework. It has set up many
servers that are used to analyze the performance of the innovative software under
development and to match that performance to the core business. Vanilla is the operating
system installed in the organization, running on six independent types of server. The latest
operating system will not work with the organization's systems because the servers have not
been patched. The organization has not properly maintained its software and hardware for
more than five years.

The organization uses machines that are reachable from the internet through public
addresses. The mail service and the web page are among the services that have no internet
presence in the organization. Services such as the code versioning system, mail, personnel
data, home directories, web page data and corporate data are stored on the servers, and the
data is spread across different boxes. The mail exchange server stores the organization's
mail on its internal disk. The organization needs to preserve its data with integrity
techniques; at present the integrity of the data is protected using the root passwords.
rsh and Telnet are used on the network for administration. The organization still keeps the
unused accounts of employees who have already left, which gives external hackers an easy
opportunity to break into the system. There is no proper firewall, which makes it easy for
threats to attack the system, and there is no antivirus protection. The organization has no
backup and recovery facility for the data stored on its systems. This is the current state
of the organization.

THREATS, VULNERABILITIES AND CONSEQUENCES


An organization that creates and develops innovative software must be free from
threats, risks, vulnerabilities and the consequences that come with those risks. It must
strictly avoid security threats and maintain a proper infrastructure in the best condition.
A serious vulnerability for an organization is an unsecured internet connection set up to
support its technology (Mushayt, 2013). When security is lacking, the software may be
created or developed in an unexpected form. Cyber criminals leverage social media to carry
out complex, geographically distributed attacks through a technique called water holing: the
hackers identify a cluster of websites that the organization's employees visit most often
and infect those target websites. Internet-related issues also depend on the security of
mobile devices (Ali, 2017), and mobile malware creates catastrophic threats. Cyber
criminals focus on the path of least resistance. Third-party entry points are used for major
network attacks on the organization's data. Employee credentials are stolen by the attackers
who attack the system. The organization neglects the security configuration of its software
and hardware and does not properly secure its servers. A data breach affects information
that is left unprotected by the configuration settings. The organization has outdated
software installed, which lets hackers easily steal information from the database server.

The organization's software must be patched, and it must not have any unsecured
servers. Security fails when malicious code from the internet is downloaded onto a system
and affects the information on it. External hackers can easily attack the organization's
data because it is very sensitive. An organization faces two types of hackers, internal and
external: third-party hackers are external, and the organization's own employees are
internal. Intruders steal information from the organization and sell it to third-party
hackers (Tasril, 2017). Employees must not access confidential or corporate data from
mobile devices, since this gives hackers a way to take the data from those devices.
Software contains bugs that bypass the organization's security controls. Injection is the
main vulnerability in the organization; it is used to inject malicious code into the
websites the organization uses. SQL injection uses the search keywords that are used to
query a database. The organization has no proper way of protecting confidential data, and
its employees are very reluctant about their work. Security control mechanisms have to be
used to build the correct infrastructure for the organization. These are some of the threats
and vulnerabilities the organization faces.

CONSEQUENCES IN ORGANIZATION

The improper features of the organization are what give rise to threats and
vulnerabilities, which hackers easily exploit when resources are in a weak state. Without
proper security, the software developed by the organization can end up containing malicious
code, which can destroy confidential data in the system; the threats found in the software
can be eliminated with secure measures. Vulnerabilities weaken security and allow threats
to attack the information. Hackers attack confidential data with ransomware and make the
organization pay a ransom to release the confidential information. The organization needs
to encrypt confidential information with all available security techniques, and the
innovative software it develops needs to integrate all security features and techniques.
The organization must not share confidential passwords with employees; only authorized
persons should hold those passwords. A unique ID and password helps reduce hacking. The
system can be easily hacked when all users share the same password, and this is the main
consequence for the organization.

THREAT AGENTS AND RISK IN ORGANIZATION


This section analyzes the risks and threats caused by threat agents in the
organization. A person who causes a threat in the organization is known as a threat agent.
Threat agents cause the main damage to the organization and include insiders, organized
crime, terrorism, religious and political crime, and national and state crime. Their main
aim is to attack the organization's information and spoil all the work in the system.
Threat agents also damage the organization's reputation (Bajtoš, 2018). Organized crime is
crime in which information is taken from the organization without the company's knowledge.
Employees who act as threat agents are known as insiders. Terrorists take political
information and use it to attack the organization or the country. The motivation level of a
threat agent is rated low, moderate or high according to the actions performed in the
organization. An organization without proper security raises its risks, which has a major
impact while it develops the innovative software. The organization uses six different types
of server that have been in use for many years without being updated to the latest version,
which exposes it to risk and allows threats to damage its information. Confidential
information is damaged to different degrees. Threat agents must not be allowed in the
organization. This concludes the discussion of threat agents in the organization.

MITIGATION OF SECURITY RISKS

Employees are the main cause of security risks in the organization. Every employee
must know their role and objectives while developing the innovative software. Every
organization faces insiders, an important threat caused by its own employees, who attack
the data stored in the organization. To mitigate this risk, each employee's credentials and
information are checked, and an employee's access is cut off when their activities are
unwanted. The organization uses monitoring, management and control to prevent misuse of
privileged credentials. Careless employees create security risks: hackers break into a
system that a careless employee has left unlocked (Prakash, 2015), and the database can
easily be opened when a system is not locked. Employees must not share passwords with
others and must not use weak passwords. Unauthorized websites are also a risk: careless
workers visit them and unknowingly download threats that cause problems for the
organization. These problems are addressed by setting strong passwords on each employee's
domain ID and encrypting the confidential data on the system. Mobile devices are mainly
used to access and share data, and users tend to neglect passwords on these devices. A
bring-your-own-device (BYOD) policy is used to monitor the actions employees perform and to
educate them on what is expected of their devices. These are some of the risks that are
mitigated for the organization.

IT BASED SOLUTIONS AND ITS IMPACT


Software development must clearly reflect the requirements of the organization's
clients. The organization must keep all software and hardware updated and well maintained.
Each employee is allocated an individual profile and password, and these credentials must
not be shared with other people in the organization. Each employee must have an individual
attendance record, with biometric verification on entering the organization. Firewalls need
to be installed on every system as security software, and software needs to be installed at
its latest version. An up-to-date antivirus product helps identify viruses and remove them
from the system. Firewalls block and restrict unwanted activity in the organization. Every
person needs to use their own username and password. Proper security needs to be applied to
the websites and browsers used in the organization. Administrative rights need to be given
to the proper person with an individual username and password. Data loss in the database
server is avoided when proper security techniques are integrated into it. Hackers' actions
are eliminated when employees patch software properly. The organization gives importance to
user experience to show employee performance. The software developed needs to provide the
best solution for the organization's work. The client has to provide a correct deadline for
developing the software. In this way, information technology has an impact on the
organization and provides the best solution.

PROTECTION MECHANISM IN INFORMATION SECURITY


The protection mechanism describes information security and how it protects the
organization. The organization is protected by techniques that secure the communication
system and the database server in which information is stored. The innovative software
under development must overcome all security issues and protect confidential information.
Three important properties are integrated into the software: confidentiality, integrity and
availability. Authentication and authorization need to be implemented in the software.
Hackers must not be able to access confidential information, and encryption needs to be
integrated into the protection mechanism to restrict unwanted access. The main aim of
hackers is to steal or modify data, and they steal data from hospitals, the financial
sector or celebrities. Unauthorized and unsecured access damages the organization's
reputation. The organization therefore builds the innovative software with all the
protection mechanisms needed to stop unwanted activity and protect information from
hackers. Unwanted access includes data modification, denial-of-service attacks and data
loss.

Alhassan, M. M. (Jan 2017). Information Security in an Organization. International Journal
of Computer, 100-116.

In this paper, Alhassan describes information security for the organization. Information
security is important and needs to be practiced in every organization. InfoSec is the short
term for defending information from unauthorized access, inspection, disruption, use,
disclosure and destruction. Data must be kept confidential, and its safety is ensured by
the techniques the organization adopts. Information security is the lifesaver of every
organization all over the world. The impacts of security threats include leaks of personal
information, data loss, the spread of viruses and wasted time (Alhassan, 2017). The author
presents an approach to information security that manages all responsibilities in the
organization. The organization is alerted to security threats, and those responsible assist
the experts through application support.

CONCLUSION
In conclusion, the organization's reputation depends on the innovative software it
creates. The software needs to be built with all security mechanisms, and clients need to
be attracted to the process. The organization must identify threats and risks before
starting development. Security techniques are applied to avoid and eliminate unwanted
issues in the organization. The report sets out the requirements and needs of the software
clearly, and it shows the risks and the ways to mitigate them. The impact of information
technology shows how important the technology is to the organization during software
development. The security measures are presented together with the organization's
protection mechanisms. The report therefore shows the importance of risk assessment and of
the development of the software.

REFERENCES
Alhassan, M. M. (Jan 2017). Information Security in an Organization. International Journal
of Computer, 100-116.

Ali, A. (Feb 2017). Database Security: Threats and Solutions. International Journal of
Engineering Inventions, 25-27.

Bajtoš, T. (Feb 2018). Network Intrusion Detection with Threat Agent Profiling. Security and
Communication Network, 1-18.

Mushayt, O. S. (July 2013). Threats and Anti-threats Strategies for Social Networking
Websites. International Journal of Computer Networks & Communications, 53-61.

Prakash, S. (Jan 2015). Mitigation strategies for risk management and sustainability in supply
chain. National Conference on Sustainable Manufacturing, 1-15.

Tasril, V. (August 2017). Threats of Computer System and its Prevention. International
Journal of Scientific Research in Science and Technology, 448-451.
