Correction to project 2
Running Head: RISK ASSESSMENT SUMMSRY REPPORT
1
RISK ASSESSMENT SUMMSRY REPPORT
5
Risk Assessment Summary Report
Sylvie Ebangha Agbor
University Of Maryland Global Campus
Professor Richard Owen
02/03/2022
POLICIES, PROCESSES, AND TECHNOLOGIES USED TO IDENTIFYING AND ASSESSING RISKS AND MANAGING MITIGATION STRATEGIES.
Conducting an assessment of the risk to identify vulnerabilities is always the first step in cyber security risk mitigation that helps uncover possible potholes in the control security organization. The assessment will give more insight into the assets that need protection and security. With the help of the organization's IT security team, they will identify the more vulnerable areas that would be easily exploited. Secondly, establishing a network access control is done after accessing your assets and selecting the highly vulnerable areas. The next step is to develop a network access control that will boost the mitigation of the risks and threats—implementing firewalls and software containing antivirus. Installation of firewalls and software that prevent antivirus is a cyber-security risk mitigation policy. The defense in technology will have your computer network having additional barriers (Ghadge, A., Weiß, M., Caldwell, N. D., & Wilding, R. 2019). Firewalls and antivirus software will safeguard the outside environment and your network, preventing your network from malicious attacks. The traffic of the network should be continuously monitored. This will make real-time detection of threat and risk mitigation of security cyber security and, lastly, build an incident responding plan. Both the IT team and other employees should be made responsible for any data breach or attack; with this, the employees will become much more proactive when the need arises.
CYBERSECURITY RISKS ASSOCIATED WITH SOCIAL MEDIA.
Attackers mostly use social media accounts to give them space to impersonate trusted brands or the information they need through social engineering, brand impersonation, and phishing. An attacker can use social engineering to trick the employee by asking them to send private data or providing credential information about the organization, which will lead to data loss. An attacker can use phishing to collect information in social media by emailing messages to employees into clicking of links or by sending private data (Thakur, K., Hayajneh, T., & Tseng, J. 2019). Using employee brand names, the attacker might trick clients that the requests are from the real brand. Thus tricking customers into giving out personal information and account credentials.
LEAST PRIVILEGE, SEPARATION OF DUTIES, AND MANDATORY VACATION AS A MEANS OF MANAGING RISK.
The least privilege and separation of duties are IT security concepts that are important in the curbing of frauds and threats by employees and the users of the system that are authorized. The least privilege principle states that a person should only be given the undressed minimal access needed to conduct their functions. It is applied in both data and processes of the system. The privileges will allow the reader to read the information, write or create and do The separation of duties principle states that no individual should have all of the rights to complete an analytical function of business by themselves. Thus, the analytic business function must be subdivided into discrete tasks and users who are appropriately granted the privilege. By involving more than one employee, the separation of duties will help prevent fraud and abuse.
APPLY RISK MANAGEMENT THROUGH THE IMPLEMENTATION OF MULTILEVEL SECURITY.
A security policy is the set of laws, practices, and rules that regulate the activities of an organization, protecting and distributing data that are sensitive. For accountability, there is a need that each security-relevant event to be associated with a subject. Multilevel security is a security policy that categorizes data and users built on a system of security levels that is hierarchical, integrating with a non-hierarchical approach. A multilevel security policy has two goals. One, the controlling must prevent unaccredited persons from getting access to higher information than their classification of authorization. Secondly, the controls must block persons from revealing information.
REFERENCES
Ghadge, A., Weiß, M., Caldwell, N. D., & Wilding, R. (2019). Managing cyber risk in supply chains: A review and research agenda. Supply Chain Management: An International Journal.
Thakur, K., Hayajneh, T., & Tseng, J. (2019). Cyber security in social media: challenges and the way forward. IT Professional, 21(2), 41-49.