
ITC596 IT Risk Management

Published: 14-Sep, 2021


Discussion questions are provided within the first 3 topics. These questions are posed for you to reflect on in the form of written Discussion Board (forum) posts. As this is a postgraduate course, it is expected that your written responses will provide you an opportunity to express your personal and professional views. There are no correct answers; however, the way you justify your answers with validated evidence is key to this activity.
Post your forum entries as you are prompted within the topics. Your Subject Co-ordinator will respond to your first forum post, and monitor and moderate as required the remaining 2 posts. You must curate, collect and save your responses in a Word document to be submitted on Turnitin. This activity's final mark will be provided prior to the final assessment item.


IT landscape mainly refers to a set of software and hardware elements arranged in a specific configuration that serves as a fabric for supporting the entire business operation of an enterprise. The intellectual property and the different types of patents associated with the sources of business intelligence are difficult and complex to understand (Carver, Minku & Penzenstadler, 2017). With the pace of innovation, traditional technology landscaping and state patent maps do not work properly because they become outdated after their completion. The term technology landscape has different meanings for different businesses. A technology landscape is not a one-to-one solution for any IP goal, as it depends on the various strategies of the business.

Information security is defined as a set of strategies for managing the procedures, tools and policies needed to prevent and detect threats to digital and non-digital information (Porter & Heppelmann, 2015). The main objective of companies is to maintain the confidentiality, integrity and availability of IT systems and business-related data. The classic model for information security discusses the objectives of security, which are provided below:

To maintain confidentiality: Confidentiality is defined as a procedure that helps in protecting information so that it is accessed by authorized parties.

To maintain integrity: Integrity helps in ensuring the appropriate authenticity of information (Miller & Skinner, 2015).

To maintain availability: Availability means that various types of information are accessible only to authorized users.

Severity describes the consequences and potential loss from various types of IT-related risks. It illustrates the extent of the damage done to the organization, its people, and its goals and objectives when a risk event occurs.

There are a number of ways to reduce and manage the risk of the people. To manage IT-related risk, the organization needs to adopt a number of strategies and methods (Porter & Heppelmann, 2015). These strategies and methods include avoiding the risk, accepting the risk, transferring the risk, mitigating the risk and exploiting the risk.

2. IT Security Models and Access Controls

An IT security model is defined as a scheme for specifying and enforcing different types of security policies. A security model is founded upon a formal model of access rights, a model of distributed computing and a model of computation (Loo, Mauri & Ortiz, 2016). Information security models are methods used for authenticating security policies; they are intended to provide a precise set of rules that are followed when implementing fundamental security concepts, procedures and processes. The models include:

State machine model: The state machine model refers to a system that is in a secure mode regardless of its operational state. According to the state machine model, a state is a snapshot of a system at a specific moment.

Bell-LaPadula Model: This model was developed to formalize the U.S. Department of Defense multi-level security policy. It classifies resources into different levels. The model depends on the state machine model. It also helps in implementing mandatory access controls and the lattice model (Yang & Jia, 2014). Lattice tiers are the classification levels used by the various security policies of the organization.
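The following sketch is an added example, not part of the original essay. It shows how Bell-LaPadula labels form a lattice and how a state-machine reference monitor accepts only transitions that keep the state secure. The "no read up" and "no write down" rules are the standard Bell-LaPadula properties, which the essay does not spell out; the tier names, categories, `ReferenceMonitor` class and sample labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed classification tiers, lowest to highest (names are assumptions).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal tier AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def permitted(subject: Label, obj: Label, mode: str) -> bool:
    if mode == "read":    # simple security property: no read up
        return subject.dominates(obj)
    if mode == "write":   # *-property: no write down
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode: {mode}")

class ReferenceMonitor:
    """State = set of current (subject, object, mode) accesses; only secure transitions are taken."""

    def __init__(self, subjects: dict, objects: dict):
        self.subjects, self.objects, self.state = subjects, objects, set()

    def request(self, subject: str, obj: str, mode: str) -> bool:
        if permitted(self.subjects[subject], self.objects[obj], mode):
            self.state.add((subject, obj, mode))
            return True
        return False  # denied: the state is left unchanged

    def is_secure(self) -> bool:
        # Invariant of the state machine: every recorded access obeys both rules.
        return all(permitted(self.subjects[s], self.objects[o], m)
                   for s, o, m in self.state)

SUBJECTS = {"analyst": Label("SECRET", frozenset({"crypto"}))}  # constructed sample
OBJECTS = {                                                     # constructed sample
    "report": Label("CONFIDENTIAL"),
    "plan": Label("TOP_SECRET", frozenset({"crypto"})),
    "memo": Label("SECRET", frozenset({"ops"})),
}

def decisions(subject: str = "analyst") -> dict:
    rm = ReferenceMonitor(SUBJECTS, OBJECTS)
    return {(o, m): rm.request(subject, o, m)
            for o in OBJECTS for m in ("read", "write")}
```

Calling `decisions()` shows that the analyst may read the lower-tier report and write to the higher-tier plan, while the memo is denied in both directions because its category set is incomparable with the analyst's.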

Access control is a security technique used to regulate the viewing and use of resources within a computing environment. Access control is categorized into physical and logical access control. Physical access control limits access to campuses, rooms, buildings and different physical IT assets. Logical access control limits connections to various computer networks, data and system files (Van Tilborg & Jajodia, 2014). The different types of access control include mandatory access control, role-based access control, discretionary access control and rule-based access control. Access control performs authentication, authorization, identification, access approval and accountability of entities with the help of various login credentials, including personal identification numbers, electronic keys, passwords and biometric scans.

3. IT Security Threat and Risk Management

The various types of IT security threats are provided below:

Computer virus threats: A computer virus is a program written to alter the way a computer operates without the knowledge or permission of the user. A virus generally executes itself and damages access to the computer in the process (Webb et al., 2014). The various types of virus threats include Linux/gates, HTML/Iframe.gen.w, Android/FakeApp and more.

Spyware threats: Spyware is one of the serious computer security threats. Spyware is a program that monitors various types of online activities or installs programs without consent in order to make a profit (Gritzalis et al., 2014). There are a number of spyware threats, including CoolWebSearch, 180SearchAssistant, ISTbar/AUpdate, Gator, Internet Optimizer, BlazeFind and more.

Hackers and predators: Hackers and predators are people who victimize others for their own gain by breaking into computer systems to steal, change or destroy information in the form of cyber terrorism.

Phishing threats: Phishing is an important threat that attempts to steal financial and personal information with the help of fraudulent email and instant messages (Law, Alpcan & Palaniswami, 2015). Phishing is a type of attack that steals the data of the user, including login credentials and credit card numbers. It generally occurs when an attacker dupes a victim into opening an email, text message or instant message.

The various IT threats can be managed by adopting appropriate methods and strategies. IT risk management is the application of the principles of risk management to various IT organizations for managing risks (Gritzalis et al., 2014). It helps in managing the risks that generally come with the involvement, influence, operation and adoption of various larger enterprises. The various IT risks are generally managed according to the steps provided below:

Identify risk: In order to manage risk, it is important to identify the various types of potential threats. This helps the organization act before something serious happens. Risk identification is a procedure for determining the various types of risks that could potentially prevent the enterprise or investment from achieving its goals and objectives.

Risk assessment: Risk assessment is a procedure that helps in identifying the various types of hazards that negatively affect the ability of the organization to conduct business. These assessments help in identifying different types of inherent business risks and in providing measures, procedures and controls for reducing the impact of these risks.

Risk mitigation: Risk mitigation is defined as a method that helps in reducing the adverse impacts of risks. There are four types of risk mitigation strategies, which are generally unique to different disaster recovery and business continuity strategies (Webb et al., 2014). It is important to develop appropriate strategies that are closely related to the profile of the organization.

Contingency planning: A contingency plan is defined as a plan devised for an outcome rather than depending on the usual plan. It is mainly devised by various governments and businesses for managing an unexpected risk that can have a catastrophic impact.


Carver, J. C., Minku, L. L., & Penzenstadler, B. (2017). Requirements, Human Values, and the Development Technology Landscape. IEEE Software, 34(1), 13-15.

Gritzalis, D., Stavrou, V., Kandias, M., & Stergiopoulos, G. (2014, March). Insider threat: enhancing BPM through social media. In New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on (pp. 1-6). IEEE.

Law, Y. W., Alpcan, T., & Palaniswami, M. (2015). Security games for risk minimization in automatic generation control. IEEE Transactions on Power Systems, 30(1), 223-232.

Loo, J., Mauri, J. L., & Ortiz, J. H. (Eds.). (2016). Mobile ad hoc networks: current status and future trends. CRC Press.

Miller, G. S., & Skinner, D. J. (2015). The evolving disclosure landscape: How changes in technology, the media, and capital markets are affecting disclosure. Journal of Accounting Research, 53(2), 221-239.

Porter, M. E., & Heppelmann, J. E. (2015). How smart, connected products are transforming companies. Harvard Business Review, 93(10), 96-114.

Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia of cryptography and security. Springer Science & Business Media.

Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers & Security, 44, 1-15.

Yang, K., & Jia, X. (2014). DAC-MACS: Effective data access control for multi-authority cloud storage systems. In Security for Cloud Storage Systems (pp. 59-83). Springer New York.
