Tuesday, May 5, 2020

IT Security and Landscape Technology - Free Samples for Students

Question: Discuss About The IT Security And Landscape Technology?

Answer:

Introduction

A crisis related to the security of information technology has been ongoing for the past few years in various industries. The development in technology has been equally countered by the growing rate and quality of cyber crime. That is why a complete security tool that provides total protection from all sorts of cyber threats is never truly achieved. The cyber criminals seem to stay one step ahead of those who fight against them. In this business, the developers always think of developing point protection tools that suit their competency. For example, a network developer emphasises security at the network level and develops a network security tool (Jaferian et al., 2014). Similarly, an application security developer creates and deploys a security tool that protects a device at its application level. Lastly, the groups responsible for the security of computing devices such as PCs and mobile phones are concerned only with end-point protection and develop security tools accordingly. This has created a major problem, as the customers fail to get what they need from the security providers. The incompatibility among the security tools protecting various aspects of a device often provides the window required by the cyber attackers to breach the defence. In order to change this scenario, the point of view of the security providers needs to change and a holistic approach needs to be adopted, such as the merging of security and analytics through the implementation of emerging promising technologies like Hadoop, advanced data security intelligence and cloud (Rahman, Hidayah & Choo, 2015).

IT Security Models and Access Controls

The growing cyber threat in the present world of technology has raised the need for the implementation of more and more complex protection models and methods in the system. One of the basic processes of protection is access control.
The purpose of access control is to grant a specific individual the specific set of permissions required to gain access to a specific location of a device or to specific information (Jin, Krishnan & Sandhu, 2012). A scenario can illustrate this: a person needs to open the door to a room, which is locked, and the individual does not have the key to it. Providing the key to the door of the room will allow that specific individual to unlock the door and gain access to the room. In the field of technology, this operation is achieved by providing the user with a username and password that only the user will know and that will grant access to the required information only to the user.

There are four models of access control, which are Mandatory Access Control (MAC), Discretionary Access Control (DAC), Rule Based Access Control (RBAC or RB-RBAC) and Role Based Access Control (RBAC) (Jin, Krishnan & Sandhu, 2012). The MAC provides the owner and the custodian only the management of the access control. There are two security models associated with MAC, namely, Bell-LaPadula and Biba. The DAC permits a user full control over any device owned by the user, along with all the programs and components associated with the device. The RBAC allows a user access based on the role played by the user in an organisation. The RB-RBAC sets the access for the user dynamically based on the criteria defined by the system administrator. Apart from the four access control models stated above, there are two methods of access control, known as the logical and physical access control methods (Almutairi et al., 2012).

IT Security Threat and Risk Assessment

The purpose of a threat and risk assessment is to give suggestions to a user that enhance the security of confidential information or content without affecting the functional aspects or usability of the system (Rausand, 2013). Risk assessment can be performed using both internal and external resources in an organisation.
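The four access control models described above (MAC with Bell-LaPadula and Biba, DAC, role-based and rule-based) can be compared by running the same request through each one. The following is an added example, not part of the original essay; the users, labels, roles, ACL entries and the office-hours rule are constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}  # constructed, ordered MAC labels

@dataclass
class Subject:
    name: str
    level: str                      # label assigned by the system, not by the user
    roles: set = field(default_factory=set)

@dataclass
class Resource:
    name: str
    level: str
    owner: str
    acl: dict = field(default_factory=dict)   # DAC: user -> actions granted by owner

def blp(s, r, action):
    """MAC, Bell-LaPadula (confidentiality): no read up, no write down."""
    a, b = LEVELS[s.level], LEVELS[r.level]
    return a >= b if action == "read" else a <= b

def biba(s, r, action):
    """MAC, Biba (levels read as integrity): no read down, no write up."""
    a, b = LEVELS[s.level], LEVELS[r.level]
    return a <= b if action == "read" else a >= b

def dac(s, r, action):
    """DAC: the owner has full control and may grant actions to other users."""
    return s.name == r.owner or action in r.acl.get(s.name, set())

ROLE_PERMS = {"analyst": {("report", "read")}, "editor": {("report", "read"), ("report", "write")}}

def role_based(s, r, action):
    """Role-based: permissions follow the user's role in the organisation."""
    return any((r.name, action) in ROLE_PERMS.get(x, set()) for x in s.roles)

def rule_based(s, r, action, hour):
    """Rule-based: administrator-defined criterion, here writes only 09:00-17:00."""
    return action == "read" or 9 <= hour < 17

def decide(s, r, action, hour):
    return {"blp": blp(s, r, action), "biba": biba(s, r, action), "dac": dac(s, r, action),
            "role": role_based(s, r, action), "rule": rule_based(s, r, action, hour)}

alice = Subject("alice", "internal", {"analyst"})       # constructed sample subject
report = Resource("report", "secret", owner="bob", acl={"alice": {"read"}})

for act in ("read", "write"):
    print(act, decide(alice, report, act, hour=20))
```

For the sample subject, the read request is denied only by Bell-LaPadula (a read up), while the write request is allowed only by Bell-LaPadula, which shows that the confidentiality and integrity models give opposite answers on the same labels.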
The key factors in the assessment of threat and risk are as follows:

Scope

The scope allows an analyst to understand the gaps that need to be covered in a risk assessment. It recognises the vital aspects that need protection and the extent to which they are to be protected (Behnia, Rashid & Chaudhry, 2012).

Data Collection

The process of data collection includes acquiring all the existing procedures and policies and recognising those that are missing or unaccounted for (Behnia, Rashid & Chaudhry, 2012).

Policy and Procedure Analysis

The analysis and assessment of the current procedures and policies is performed to measure the compliance level within the organisation. Sources for policy compliance that can be used are ISO17799, BSI 7799 and ISO 15504 (Behnia, Rashid & Chaudhry, 2012).

Analysis of Vulnerability

This method helps analyse the information that has been acquired and assess whether the protection currently in operation is sufficient or whether any further safeguard is required (Behnia, Rashid & Chaudhry, 2012).

Threat Analysis

A threat can be described as any sort of harm that can cause interruption of, tampering with or destruction of any item or service that carries value. Analysis of threat involves the search for and detection of such aspects, and assessment is done to find possible solutions to such threats (Behnia, Rashid & Chaudhry, 2012).

Acceptable Risk Analysis

The purpose of this sort of analysis is to recognise the protection that is currently being used and the validity of such safeguards. If a safeguard is found to be insufficient for protection, it is identified as a vulnerability (Behnia, Rashid & Chaudhry, 2012).

References

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.

Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2012). A distributed access control architecture for cloud computing. IEEE Software, 29(2), 36-44.

Behnia, A., Rashid, R. A., & Chaudhry, J. A. (2012). A survey of information security risk analysis methods. SmartCR, 2(1), 79-94.

Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014). Heuristics for evaluating IT security management tools. Human-Computer Interaction, 29(4), 311-350.

Jin, X., Krishnan, R., & Sandhu, R. S. (2012). A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. DBSec, 12, 41-55.

Rausand, M. (2013). Risk assessment: theory, methods, and applications (Vol. 115). John Wiley & Sons.
