(v)assigment

Technology advancements have brought about enormous benefits to organizations. However, technological developments have also brought about some challenges to organizations. Cyber-attacks are a severe concern to organizations as they expose the network systems to attacks that can harm the organization's data and reputation and lead to financial losses. An organization is exposed to various cyber-attacks, including phishing, malware attacks, the man in middle attacks, denial of service attacks, and SQL injections.

The risk analysis and management plan recommended by the team offered good strategies that could help guard the organization's network systems against cyber-attacks and unauthorized access. However, with the advancements in technology, the proposed measures could, with time, be exposed to the risk, allowing the cyber attackers to bypass the security measures proposed by the team and access the organization's network systems. Therefore, it is for this reason that a company must keep its security measures updated and occasionally reviewed to check for any security gaps in the network system that may require filling. The proposed risk management plan had various weaknesses that could expose the organization's network systems to cyber-attacks. However, these weaknesses can be mitigated, thus leading to the effectiveness of the proposed measures.

For instance, to ensure that encryption is effective in guarding the organization's computer software, the organization would have to encrypt in layers, exercise proper encryption, secure encryption keys and use new encryption ciphers. Moreover, data backup can be enhanced by using different backup locations, limiting access to backup data, and protecting backup media devices. In addition, educating the employees on cyber-attacks regularly will help keep them up to date with the latest measures and techniques that cyber attackers may try to use in conducting cyber-attacks. This will help the organization to guard itself against the risk of unauthorized access.

Also, regular system audits will help to deter cyber attackers. To enhance the effectiveness of regular system audits, experienced personnel should be tasked with system audits to help discover emerging security gaps in the system and recommend their filling to the organization's management so as not to expose the organization's systems to cyber-attacks. Restricting the rights of the admin will also be beneficial in reducing the risks of cyber-attacks. This can be done by ensuring a default setting in the organization's systems that automatically removes the admin rights. Another important measure that will ensure the security of the organization's systems is limiting the access rights of the staff to ensure that employees only access the necessary information. Finally, acquiring advanced technology will promote the security of the organization's computer systems. Keeping the organization's technology updated reduces the security gaps in the organization's systems, thus ensuring the security of the organization's systems is adequate.

Proposed Solutions 

           Several solutions can be implemented to overcome the weaknesses highlighted in the proposed security measures.

Encryption and data backups

           The weaknesses in the encryption and data backup strategies can be improved through the following measures:

· Encrypt in layers

· Exercise proper implementation of encryption

· Secure encryption keys 

· Ensure use of new encryption ciphers

· Use different backup locations

· Limit access to backup data

· Protect backup media devices

Employee education

           The weakness of employee education is that the threats are constantly evolving, and attackers will always devise new methods, tools, and techniques for use in their attempts to get past an organization's security measures. However, this weakness can be mitigated by regularly training and educating the employees on the advancement in cyber-attacks and how to overcome new threats (Conteh & Schmick, 2016).

System audits

           System audits should be done regularly. A complete system audit by experienced experts will help unearth any security gaps in the organization's systems that may arise due to the sophistication and evolvement of cyber-attackers strategies.

Limiting admin rights

           Unrestricted admin rights can increase the risks of unauthorized access. It is, therefore, essential to control the admin's rights by ensuring the system is set to default setting to remove the admin's rights automatically. Limiting admin rights can lead to low morale. However, educating the admin on the benefit of limiting their rights can help overcome the risk of low morale and mistrust by letting them understand that the measure is aimed at the organization's best interest (Ahanger & Aljumah, 2018).

Restricting the amount of information accessed by employees

           Employees need only to access the information they require. Access to information that is not necessary to the employees may increase the chances of unauthorized access and data leaks. Letting the employees know the limit of the data they can access in advance will help reduce the risk of developing a sense of mistrust within the organization.

Advanced technology

           Advanced technology reduces the security gaps in the organization's network systems. The organization's management should ensure that their organizations have the latest technologies to promote the security of their network systems. 

Goals

           The above-proposed solutions are aimed at promoting the security of the organization's network systems. The implementation of the above proposals will reduce the chances of cyber-attacks, thus ensuring the effectiveness of the organization's computer systems for an effective and efficient running of the organization's processes.

Action steps

           The following actions can be implemented to promote the effective implementation of the above proposals:

· Conduct workshops for employee pieces training on cyber security

· Hiring experienced experts for conducting system audits

· Replacing admin rights with the principle of at least privilege

· Require authorization for the employee to access various categories of information

· Allocate funds for acquiring and updating the organization's computer technology

Protocols

           The following network security protocols can be used to promote the security of an organization's computer systems:

· IPsec and VPNs

· SSL and TLS

· Application Transparent Transport Layer Security

· Kerberos

· OSPF authentication

· SNMPv3.

Resources

To ensure there is security of the organization's system, the following resources are necessary:

· Trained staff

· Advanced computer technology

· Installed firewall performance

· Advanced endpoint detection

· Updated passwords

· Virtual private networks

References Ahanger, T. A., & Aljumah, A. (2018, 11 01). Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms. Retrieved 04 09, 2022, from IEEE Xplore: https://doi.org/10.1109/ACCESS.2018.2876939 Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity:risks, vulnerabilities and countermeasures to prevent social. International Journal of Advanced Computer Research, 31-36.