Information Security Policies and Procedures †MyAssignmenthelp.com

Question: Discuss about the Information Security Policies and Procedures. Answer: Introduction The enhancement of the IT operations in the IT industry have enhanced the groeth in the market. The protection of data and information in the business organization has been an integral part of the business organization. This report deals with the IT security models and controls, IT threat and risks management and IT security landscape. This report also outlines these three topics for helping in the development of the market. The different techniques for starting the risk assessment process has been discussed in the report. The maintenance of the data and information of the business organization in the market has been an important topic in the market. The data and information of the company in the market has been an important asset for the company (Ackermann, 2012). Therefore, the privacy of the da6abans information is important for the company. The cyber-insurance of the data and information has been done by the company to receiver the data incase f any loss due to the cyber-attacks. The cyber-attacks in the database server causes a huge loss of the data and information loss in the company (Bojanc, Jerman-BlaÃ… ¾i?, 2013). There are different security protocols installed in the database server of the company that helped in maintaining the security of the data and information of the company. On the other hand, Rieke et al., (2012) argued that the lost data and info ration cannot be recovered. The total data and information of the company cannot be regained. Therefore, the IT security protocols have foc used on the maintenance of the data and information of the company. IT security models and access controls The various types of access control models has been used in he report that helps in maintaining the security of the data and information in the company. The Role-based Control (RBAC) model functions the roles for helping the users in finding their respective jobs in the server of the company. The model was developed for overcoming the problems in the administration encountered in the big commercial companies. The main part of the decision making process is managed by the RBAC model (Jaferian et al., 2014). This model has a hierarchical concept that helps in analyzing each step of the decision-making process model. The main role of the RBAC model is to maintaining a systematic approach of analyzing the data and information of the companying the market. This model relates with the cost benefit analysis of the company in the market. The data security and privacy has been maintained by the hierarchical approach of the model. The model helps in maintaining the cyber-attacks and its prevention policy. On the other hand, Rieke et al., (2012) argued that due to the collection of the huge data and information, the model is unable ti handle th is data and there are gaps in the security and privacy of the data. Therefore, the hackers can easily penetrate into the cyber the entire database server of the company. This causes a huge loss of data and information of the company. IT security Threat and risk assessment The IT security and threat management is an integral part of the company to be measured. There are various risks are mentioned below in the table. Human Non-Human Hackers Theft (electronically and physically) Non-technical staff (financial/accounting) Accidental Inadequately trained IT staff Backup operators Technicians, Electricians Floods Lightning strikes Plumbing Viruses Fire Electrical Air (dust) Heat control Table 1: List of Risks The risks are mentioned in the above table that are causing the cyber-attacks in the company. The risk assessment method that helps in identifying the risks and security treats in the company. This risk assessment helps in maintaining the various aspects of the risk management process if the company. There are various levels of risks involved in the company including the high-level, medium-level and low-level risks (Peltier, 2016). This categorization of risks have helped in analyzing the severity of the risks in the company. The vulnerability of the risks in the company can be measured with the help of risk assessment method. There are various methods to control the cyber-attacks in the company. The use of the updated firewalls and anti-viruses software helps in restricting the viruses and malwares form entering into the databases of the company. The unauthorized users are blocked from entering into the firewall of the database of the company (Vacca, 2012). A proper risk management process helps in maintaining the security of the data and information of the company over the interest. The hackers are restricted from entering the firewall and databases of the company. Conclusion It can be concluded that the use of the risk management process in the company helps in mitigating with the risks involved in the company. The cyber security is an integral part of the company for securing data and information. The data breach causes a huge loss to the company in the market. The RBAC model has helped in maintaining the hierarchical order to analysis the security level of the data and information in the company. References Ackermann, T. (2012). IT security risk management: perceived IT security risks in the context of Cloud Computing. Springer Science Business Media. Bojanc, R., Jerman-BlaÃ… ¾i?, B. (2013). A quantitative model for information-security risk management. Engineering Management Journal, 25(2), 25-37. Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., Beznosov, K. (2014). Heuristics for evaluating IT security management tools. HumanComputer Interaction, 29(4), 311-350. Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Rieke, R., Coppolino, L., Hutchison, A., Prieto, E., Gaber, C. (2012, October). Security and Reliability Requirements for Advanced Security Event Management. In MMM-ACNS (pp. 171-180). Vacca, J. R. (2012). Computer and information security handbook. Newnes.