IT Security and Risk Management
How do organizations identify and address vulnerabilities? Illustrate how a firewall plays an
important role in protecting networks from unauthorized access.
Ans.
Vulnerabilities –
Threats –
In information security, a threat refers to any potential danger or harmful event that can exploit a
vulnerability and cause harm to a system, organization, or individual.
These threats can be malicious actors (hackers), malware (viruses, worms), natural disasters
(floods, fires), or even human error.
Threats can be intentional or unintentional in nature.
o Intentional Threats - Intentional threats are deliberate actions or attacks carried out by
threat actors with malicious intent. These can include cyberattacks, such as malware
infections, malicious code or SQL injection attacks, ransomware, phishing attempts, and
distributed denial-of-service (DDoS) attacks.
o Unintentional Threats - Unintentional threats originate from human error or accidental
actions that can lead to security breaches. These threats include accidental disclosure of
sensitive information or falling victim to social engineering tactics.
o Natural and Physical Threats – In information security, natural and physical threats are
dangers that can harm your computer systems and the data they store. Examples include
fires, floods, power failures, and other disastrous situations.
Countermeasures in information security are actions taken to reduce the risk associated with
vulnerabilities and threats.
These actions aim to mitigate or eliminate the potential for threats to exploit vulnerabilities.
Role of firewall –
A firewall is a network security device that monitors and filters network traffic based on an
organization's security policies.
As the firewall is one of the most critical parts of the network, it plays a vital role in
securing the network perimeter of an organization. A firewall is usually placed at the boundary of the
organization's internal network in order to protect the network traffic and information flow.
Suppose an organization has three floors where users are seated and working. There is
a common router within the network to provide internet access to all the users. The firewall is
placed between the router and the internet (the WAN). Here, the firewall plays an important role
in network security: placed between the internet and the router, it is the primary gateway for
data flowing in and out of the organization.
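
The placement described above, as an added example that is not part of the original answer: a small Python model of a stateful firewall sitting between the router and the WAN. The per-floor subnets, the allowed-service policy and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: one internal subnet per floor (constructed addresses).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24")]
# Assumption: the security policy lets users reach DNS and web services only.
ALLOWED_OUTBOUND = {("udp", 53), ("tcp", 80), ("tcp", 443)}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


class PerimeterFirewall:
    """Stateful filter on the link between the router and the WAN."""

    def __init__(self):
        # Flows opened from inside: (proto, src, sport, dst, dport)
        self.flows = set()

    def decide(self, proto, src, sport, dst, dport):
        if is_internal(src) and not is_internal(dst):
            # Outbound: permitted only for services named in the policy.
            if (proto, dport) in ALLOWED_OUTBOUND:
                self.flows.add((proto, src, sport, dst, dport))
                return "ALLOW"
            return "DENY"
        if is_internal(dst) and not is_internal(src):
            # Inbound: permitted only as the reply to a tracked outbound flow.
            if (proto, dst, dport, src, sport) in self.flows:
                return "ALLOW"
            return "DENY"
        # Default deny: traffic that is neither outbound nor inbound.
        return "DENY"


def run_sample():
    fw = PerimeterFirewall()
    packets = [  # constructed sample traffic
        ("tcp", "10.0.2.15", 50000, "203.0.113.10", 443),   # floor 2 user opens HTTPS
        ("tcp", "203.0.113.10", 443, "10.0.2.15", 50000),   # reply from that server
        ("tcp", "198.51.100.7", 40000, "10.0.1.20", 3389),  # unsolicited inbound
        ("tcp", "10.0.3.8", 50001, "203.0.113.10", 23),     # outbound service not in policy
    ]
    return [fw.decide(*p) for p in packets]


if __name__ == "__main__":
    print(run_sample())
```

The reply is allowed only because the firewall saw the matching outbound request first; the same packet presented to a fresh firewall is denied.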