Threat Assessment

Information security is a key issue to be considered in every organization. Having information security measures implemented in an organization does not ensure protection of its information. Nevertheless, having standards or policies for securing information is simply the best start in ensuring information security. This gives an organization a way forward in studying the threats it faces or may face and then setting the measures that will manage its systems securely. This paper shows the threats the organization is facing or may encounter and what measures can be implemented to safeguard the organization’s information systems.

According to Maiwald, the term information security comes from two words: information and security. Information is useful data collected and kept in communication systems like computers to be used for different purposes. Security, on the other hand, is protecting something from danger or threats (2004, p. 6). Therefore, the term information security is all about implementing measures that protect the organization’s data from any threat. These information security threats exist, and they can harm any information security system. It is an organization’s strategy to protect its information systems against them.

According to Straub, Goodman and Baskerville (2008), before attempting to implement any security measure, a strategy should be set. This process involves examining the values and purposes the organization has in terms of its external and private environment. Plans and goals should be set during this process. This process helps to find out what level of protection is available in the organization. The first task is carrying out an investigation of the information security system. The second task is determining what security measures to implement and whether they will be beneficial to the organization’s security if adopted. The third step is creating the formula for how to apply the security measures to the organization’s security system (p. 18).

Carrying out a thorough assessment of the threats, known as threat assessment, is essential in evaluating risks to the organization. This process helps in establishing what is happening in terms of information security. It yields information about the threats facing the organization’s information system, the security measures already implemented, possible threats and the way to improve the security. That can mean creating additional security measures or simply improving what is there. Additionally, according to Straub et al. (2008), during the assessment process it is advisable to take into account the activities and security environment of the organization in order to implement security measures that comply with it. In terms of the security environment, an organization dealing with critical information will need a strong security policy (p. 24). This process is essential in that it helps in coming up with a complete program for the information security system.

According to Bonnette (2003), assessing threats involves examining the possible causes of threat and determining their chance and consequences to the information system. During this assessment, five types of evaluation can be done. The first is the system level, which examines the computer systems. The second is the network level, which examines the computer network. The third is the organization level, where the organization is thoroughly analyzed to find any possible threat within. The fourth covers the audit policies and how the organization abides by them. The last is a test of the organization’s ability to respond if there is an intrusion. Threat analysis is extensive, and information vulnerability should be considered during the process. In essence, there is a relationship between risk, threats and information vulnerability. Risk is certainly a cause of threat acting on a vulnerable entity (p. 5).

Securing the information system is managing the risks. Therefore, it is essential to understand the risks in an organization’s information system. Failure to understand them may lead to misuse of resources. When a risk is identified, the value of the information and of its system is also identified. This whole process is risk management (Maiwald, 2004, p. 135).

Risk management is critical in every organization in the digital era as each tries to protect information systems. According to Stoneburner, Goguen and Feringa (2002), risk management is critical to a successful security program. The process should attempt to protect not only organizational information but also the organization’s ability to carry out its operations. This process is a critical function in the management of the organization (p. 7).

Maiwald (2004) defines risk as a chance to be attacked and, therefore, a need for protection. Vulnerability is the potential entity to be attacked. In an organization, this can be the computers, networks or organizational policies. Information transmitted over the network can also be accessed. Therefore, consideration should be given to all vulnerable entities and not just the computer systems. On the other hand, a threat is an action that breaks the information system security. Threats can be Targets, Agents or Events. Targets are the entities vulnerable to the threat. Agents are the sources of the threat, while events are the actions that pose a threat (p. 134-135).

In most cases, agents of threats are people who want to explore the targets like confidentiality, integrity, accountability and availability. These agents have the ability to access the target, they have knowledge of the target, and they have a reason to access the target. Mostly, they can gain access to the target simply because they might have an account to get into the system, or they might get in indirectly. Sometimes, the agents may have knowledge of the target like passwords, file locations, network addresses, employee names and other useful information. These agents have three main reasons for getting into systems without authorization. These might be greed or malicious intentions, while others do it as a challenge, trying to prove something. An agent might be an employee, ex-employee, commercial rival, hacker, terrorist, customer, criminal, the general public or a natural disaster like an earthquake (Maiwald, 2004, p. 137-138).

Information can be tampered with in different ways. These include abuse of authorized access to the system, malicious or accidental alteration of information, unauthorized access, malicious or accidental destruction, malicious software, hardware and software theft, internal and external communication eavesdropping and natural disasters. Threat plus vulnerability equals risk; therefore, risk is simply a combination of threats and vulnerable entities (Maiwald, 2004, p. 139).

Risk can be defined to be low, medium or high. A low risk is where vulnerability of information is at risk, but it is unlikely to happen since the control measures will prevent it. The next level is medium. Here, the threat poses a significant risk to the information system, and it is advisable to have controls to remove it. The third level is high. At the high level, the threat poses a serious danger to the information’s confidentiality, integrity, availability and accountability. Safety measures should be taken immediately to remove the threat. When trying to remove a threat within the system, take into account the consequences, for example, the costs of applying a corrective measure at that risk level (Maiwald, 2004, p. 139).

According to Maiwald (2004), identification of the risk involves identifying the threats and vulnerabilities. Measuring the risk level is also done to help in the security program. This helps prioritize which risks to handle first. Identification of vulnerabilities is extremely important in order to determine the risk. This is done by checking all the access points to the system and information. Internet connections, remote, wireless and user access points, physical access to facilities and connections to the outside are the areas to check. This includes identifying how information is accessible through these access points and the possible vulnerabilities. The next step is identifying the threats. It is a complex task, but attempting to identify the specific and targeted threats will make it easier. Possible areas of breach into the security system should be examined, and security controls implemented to determine if the vulnerability exists. Countermeasures can be implemented, and they can include firewalls, anti-virus, access controls, badges, card readers, guards, encryption, intrusion detection systems, and two-factor verification systems. With all this determined, it is easy to determine the level of risk facing the security system of the organization. It will also help in measuring the risk. This is done by checking the cost incurred by the organization after an attack. The cost can be in terms of resources affected, loss to the organization, and the damage to reputation caused by the attack (p. 139-147).

Whenever a threat assessment is carried out, according to Maiwald (2004), there are key areas to examine to find the security problems in an organization. They include: the network; physical security; the organization’s policies and protocols; employees and their awareness of security measures; the attitude of employees; the precautions set in place; the organization’s business; and how employees comply with the rules and procedures (p. 154-160).

After all the information is gathered, the security team can analyze it and come up with better measures. According to Maiwald (2004), policies and procedures will be developed to define the expected state of information security within the organization. Policies and procedures are extremely valuable when it comes to security. If the organization already has them, then they should be updated. The policies are then implemented to be effective. A security reporting system can also be implemented to monitor and track that policies are adhered to. Authentication systems should also be created to identify users before they use the system. Internet security measures like firewalls and virtual private networks are introduced to prevent threats related to the Internet. Intrusion detection systems should be set up to alert in case of intruders, and security staff should be employed. Another key step is creating awareness among the staff and ensuring everyone is trained on conduct and use of the system. The final step is conducting an audit to ensure that the policies and controls are configured well (p. 160-168).

In conclusion, threat assessments are particularly important in any information security system of an organization. In most cases, they are never conducted well since many do not consider this process important. This leads to failure in information security. This procedure should be consistent within any organization because threats will always be there to attack the systems. The assessments should also be documented for future use.

References

Bonnette, C. A. (2003). Assessing Threats to Information Security in Financial Institutions. 5.

Straub, D. W., Goodman, S. E., & Baskerville, R. (2008). Information Security: Policy, Processes, and Practices, 18.

Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems. 7.

Maiwald, E. (2008). Fundamentals of Network Security. New York: McGraw Hill.
