Protecting an information system resource requires an elaborate security system and a set of
controls.
A risk assessment determines the level of risk in the company and how the organization will be
able to deal with that risk.
It is important for businesses to identify the risks to their IT systems and data in order to reduce or
manage those risks, and to develop a response plan in the event of an ICT crisis.
Business owners have legal obligations in relation to privacy, electronic transactions and staff
training that influence ICT risk management strategies. ICT risks may include such things as:
Hackers
Fraud
Password theft
Denial of service
Security breaches
Staff dishonesty
Phishing
This is setting up a fake website that is designed to look almost like the actual website. The idea of
this attack is to trick the user into entering their name and password, which can then be used for
illegal access.
Pharming
It is more or less like phishing, but in this case a hacker redirects traffic from the actual website
to a fake website that is hosted on the hacker's server.
Jamming
This is a kind of threat where a hacker floods a network with fake messages so that it becomes
unavailable, making it vulnerable to security threats.
Snooping
It is unauthorised access to a person's private information. It involves intercepting messages
that are being sent over a network, or using spyware or a key logger without.
Tweaking
This is the ability of a hacker to change their identity when sending information over a network, to
trick the user into thinking that they are a particular individual.
Encryption
This method is used to protect messages sent via a network from being accessed by unauthorised
users. It involves scrambling data using an encryption key that is known to the sender; the data is
then decrypted by the receiver using a decryption key. This protects messages from being intercepted
and deciphered.
Intrusion detection system
This is a system that can scan a network for people who should not be there, or who are doing
things that should not be done.
Honey pots
These are computers that are intentionally or unintentionally left vulnerable to attack by
hackers. They are normally used to check the areas of vulnerability of a system and find ways of
dealing with those vulnerabilities.
Digital certificates
It is an electronic card that establishes the credentials of users when transacting on a network. It
will contain the name, serial number and expiry date of the certificate holder. The certificate
will be required any time a user wants to gain access to a network, so that they can be
authenticated.
Implementation controls
They cover the development and installation of computer software. They ensure that any system
implementation process is within the policies of the organisation.
Data security controls
They ensure that data within the system is accurate, complete and free from unauthorised access.
Computer operations controls
They ensure the use of computers by authorised users within the policies of the organization.
Administration controls
They cover the general management of information systems and include segregation of duties and
training.
Application controls
These controls govern specific applications. They control how a particular application will
run on the system and are classified as:
Input controls
They check the accuracy and completeness of all data when it is entered into the system.
Processing controls
They establish that data is accurate and complete during updating.
Output control
They ensure that the results of computer processing are accurate, complete and properly
distributed.
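An added example (not from these notes) showing the three application controls in Python: an input control that rejects inaccurate or incomplete records at entry, a processing control that checks a batch control total during updating, and an output control that fingerprints the result before it is distributed. The record layout, field names and control-total rule are assumptions chosen for illustration.

```python
import hashlib
import json

# Constructed sample batch (assumed record layout): the second record is
# incomplete and the third has an invalid amount, so input control should
# reject both and accept only P001.
SAMPLE_BATCH = [
    {"id": "P001", "account": "12345678", "amount": 150.00},
    {"id": "P002", "account": "", "amount": 20.00},
    {"id": "P003", "account": "87654321", "amount": -5.00},
]
EXPECTED_TOTAL = 150.00  # control total declared by the sender (assumed)


def input_control(record):
    """Accuracy/completeness check at data entry. Returns None if the
    record passes, otherwise the reason it was rejected."""
    missing = [f for f in ("id", "account", "amount") if record.get(f) in (None, "")]
    if missing:
        return "missing field(s): " + ", ".join(missing)
    acct = record["account"]
    if not (isinstance(acct, str) and acct.isdigit() and len(acct) == 8):
        return "account must be 8 digits"
    amt = record["amount"]
    if isinstance(amt, bool) or not isinstance(amt, (int, float)) or amt <= 0:
        return "amount must be a positive number"
    return None


def processing_control(accepted, expected_total):
    """Batch control total: accepted amounts must add up to the total the
    sender declared, or records were lost or altered during updating."""
    total = round(sum(r["amount"] for r in accepted), 2)
    return total == round(expected_total, 2), total


def output_control(accepted):
    """SHA-256 of the processed output, so the recipient can confirm the
    distributed report is complete and unaltered."""
    return hashlib.sha256(json.dumps(accepted, sort_keys=True).encode()).hexdigest()


def run_batch(batch, expected_total):
    """Apply input, processing and output controls in order."""
    rejected = {r.get("id"): input_control(r) for r in batch if input_control(r)}
    accepted = [r for r in batch if r.get("id") not in rejected]
    ok, total = processing_control(accepted, expected_total)
    return {"rejected": rejected, "accepted": len(accepted), "total": total,
            "totals_match": ok, "output_hash": output_control(accepted) if ok else None}
```

Running `run_batch(SAMPLE_BATCH, EXPECTED_TOTAL)` rejects P002 and P003 with their reasons, accepts P001, and produces an output hash only when the control total reconciles.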
This is the process of collecting information on the risk and developing a risk assessment
framework.
4. Determining the appropriate control
This involves identifying the appropriate action to take after the risks have been assessed and
profiled.
5. Review of the controls
This is done to determine the effectiveness of the control that has been put in place and to determine
the amount by which the risk has been reduced.
6. Documenting the process
The activities of the whole process are documented so that any future actions related to the
risks can refer to them.
Avoidance
This is the practice of removing the vulnerable aspects of the system, or even the system itself,
when the risks are deemed too costly to be taken and their likelihood of happening is equally
high.