Itc596 It Risk Management Assessment Item 3-Copy 3
ASSESSMENT ITEM 3
Table of Contents
EXECUTIVE SUMMARY
CONCLUSION
REFERENCES
EXECUTIVE SUMMARY
This report presents a risk analysis of the technology used in a small IT software
company. The organization analyzed is a small software house that develops innovative
software intended to help future work be carried out to a good plan. The report explains
the threats and vulnerabilities in the organization's administration and infrastructure.
It sets out the risks and their mitigation, together with the threats to the innovative
software and their consequences. The protection mechanisms are analyzed for their security
impact on the organization. Privacy and security should not be affected by the created
software, since it is used to store confidential data. The report therefore gives a brief
description of the protection mechanisms and the risks covered by the organization.
The employees in the organization are allowed to access the internet, but some sites
are restricted. The organization, which develops the innovative software, comprises
departments such as legal, financial, human resources, management, and research and
development. The organization has neither an on-boarding nor an off-boarding process,
and it has no policy framework. The organization has set up many servers, which are used
to analyze the performance of the innovative software under development and to match it
to the performance needed by the core business. A vanilla operating system is installed
in the organization, which has six independent types of server. The latest operating
system will not work with the systems in the organization because the operating system on
the servers is not patched. The organization has not properly maintained its software and
hardware for more than five years.
The organization uses machines that are accessed from the internet through public
addresses. The mail service and the web page are among the services that have no internet
presence in the organization. Services and data such as the code versioning system, mail,
personnel data, home directories, web page data and corporate data are stored on the
servers. The organization stores the data on different boxes. The mail exchange server
stores the organization's mail on its internal disk. The organization needs to preserve
its data with integrity techniques. The integrity of the data is protected using the root
passwords issued in the organization. Hosts on the network are administered using rsh and
Telnet. Accounts belonging to employees who have already left the organization remain in
place unused, which gives external hackers an easy chance to break into the system. The
organization has no proper firewall, which makes it easy for threats to attack the system.
There is no antivirus protection on the systems in the organization. The organization has
no backup and recovery facility for the data stored on its systems. This is the current
overview of the organization.
The software in the organization must be patched so that it does not have any unsecured
servers. The security of the organization fails when malicious code from the internet is
downloaded onto a system and affects the information on it. External hackers can easily
target the data in the organization, since it is very sensitive in nature. An organization
faces two types of hackers, internal and external. Third-party hackers are the external
hackers, and employees of the organization are the internal hackers. Intruders steal
information from the organization and sell it to third-party hackers (Tasril, 2017).
Employees must not access confidential or corporate data from mobile devices, because
doing so gives hackers a way to take the data from the devices. The software contains bugs
that allow the organization's security controls to be bypassed. Injection is the main
vulnerability in the organization; it is used to inject malicious code into the websites
the organization uses. SQL injection uses search keywords to query a database. The
organization has no proper way to protect confidential data, and the employees are very
reluctant about their work. Security control mechanisms have to be used to build the
correct infrastructure for the organization. These are some of the threats and
vulnerabilities faced by the organization.
CONSEQUENCES IN ORGANIZATION
The improper features of the organization give rise to the threats and vulnerabilities,
which hackers easily exploit while the resources are in a weak state. When there is no
proper security, the software developed by the organization can end up containing
malicious code, which causes confidential data in the system to be destroyed; the threats
found in the software can be eliminated with secure measures. The vulnerabilities weaken
security and allow threats to attack the information. Hackers attack confidential data
with ransomware and demand a ransom to release the confidential information. The
organization needs to encrypt the confidential information, using all the relevant
security techniques. The innovative software developed by the organization needs to
integrate all the security features and techniques. The organization must not share
confidential passwords among its employees; only authorized persons should hold those
passwords. A unique ID and password for each user helps to reduce hacking. The system can
easily be hacked when all users share the same password, and this is the main consequence
for the organization.
The employees in the organization are the main cause of security risks. Every employee
must know their role and objectives while developing the innovative software. Every
organization faces insider threats, which are important threats caused by its own
employees. Employees attack the data stored in the organization. To mitigate these risks,
the credentials and information of every employee are checked, and an employee's
connection is cut off when their activity is unwanted. The organization makes use of
monitoring, management and control to prevent abuse of privileged credentials. Security
risks are created by employees who are careless. Hackers break into a system that a
careless employee has left unlocked (Prakash, 2015). The database can easily be opened by
hackers when the system is not locked. Employees must not share their passwords with
others and should not use weak passwords. Unauthorized websites are also a risk: careless
workers visit them and unknowingly download threats, which causes unwanted problems for
the organization. These problems are easily analyzed and solved by requiring strong
passwords for employees' domain IDs and having employees encrypt the confidential data on
the system. Mobile devices are mainly used to access and share data, and users tend to
neglect passwords on these devices. A bring-your-own-device policy is used to monitor the
actions performed by employees and to educate them in what is expected of their devices.
These are some of the risks that are mitigated for the organization.
CONCLUSION
In conclusion, the reputation of the organization rests on the innovative software it
creates. The software needs to be built with all the security mechanisms, and clients need
to be attracted to the process. The organization must identify the threats and risks
before starting development of the software. Security techniques are applied to avoid and
eliminate unwanted issues in the organization. The requirements and needs of the software
are set out clearly in the report. The report shows the risks and the ways to mitigate
them for the organization. The impact of information technology shows the importance of
the technology to the organization during software development. The security measures are
shown together with the organization's protection mechanisms. The report therefore shows
the importance of risk assessment and of the development of the software.
REFERENCES
Alhassan, M. M. (Jan 2017). Information Security in an Organization. International Journal of Computer, 100-116.
Ali, A. (Feb 2017). Database Security: Threats and Solutions. International Journal of Engineering Inventions, 25-27.
Bajtoš, T. (Feb 2018). Network Intrusion Detection with Threat Agent Profiling. Security and Communication Network, 1-18.
Mushayt, O. S. (July 2013). Threats and Anti-threats Strategies for Social Networking Websites. International Journal of Computer Networks & Communications, 53-61.
Prakash, S. (Jan 2015). Mitigation strategies for risk management and sustainability in supply chain. National Conference on Sustainable Manufacturing, 1-15.
Tasril, V. (August 2017). Threats of Computer System and its Prevention. International Journal of Scientific Research in Science and Technology, 448-451.