Tuesday, May 5, 2020
Disaster Risk Management and Climate - Free Samples to Students
Question: Discuss Disaster Risk Management and Climate.

Answer:

Introduction

In the modern world, the internet has become one of the most powerful tools for business as well as for providing services to ordinary people. Because of the internet, a large volume of data now flows through online transactions and other services. Most of this information is confidential, as it contains customers' personal details and banking details (Aldunce et al., 2015). In recent days, information has been hacked and lost through attacks by hackers and various malicious software. Cyber attacks of this type are increasing day by day and are making information systems more vulnerable. For this reason, organizations dealing with information technology are becoming more and more concerned about the security of the information of customers and business entities. To maintain the security of an organization's database, it is important to use new technologies and regulations. This report discusses the IT model of an organization and the risk and security issues related to it. The regulations and technologies for overcoming the security issues are discussed so that the security of the information is maintained. All the possible risks, threats and vulnerabilities are analysed in order to understand the security-related issues in an IT organization.

The IT model of an organization must be designed in a planned way so that the organization can carry out the transaction of information in an advanced and safe way. In most cases, the amount of information is increasing day by day because of the introduction of online services and transactions (Becken & Hughey, 2013). As a result, information technology is the most important platform for any organization dealing with this situation. More importantly, organizations have to depend on the IT model to create attractive and well-designed websites that function safely.
IT organizations work continuously to ensure the security and the faster response of online services. The information technology platform is necessary to maintain the accessibility of data in organizations (Bianco et al., 2017). The model is designed so that the organization can carry out transactions of service-related data with a faster response (DeAngelo & Stulz, 2015). The main features of the information technology model are the database and the security system. From that point of view, information technology is very important for maintaining a proper environment through data analysis and decision making.

Security standards and controls, for example ISO 17799 and so on

The number of cases of data theft and hacking is increasing day by day. In the modern world, the internet has become one of the most powerful tools for business as well as for providing services to ordinary people (Brindley, 2017). Because of the internet, a large volume of data now flows through online transactions and other services. Most of this information is confidential, as it contains customers' personal details and banking details. In recent days, information has been hacked and lost through attacks by hackers and various malicious software (Chance & Brooks, 2015). Cyber attacks of this type are increasing day by day and are making information systems more vulnerable. For this reason, organizations dealing with information technology are becoming more and more concerned about the security of the information of customers and business entities (Cole et al., 2013). To maintain the security of an organization's database, it is important to use new control laws and regulations. Some of these laws are discussed in the following part.
To prevent data breaches involving credit card information, several industry data security standards are followed, and the Payment Card Industry Data Security Standards or PCI DSS is the law to prevent the storing of data related to any credit card (Davies, 2014). The federal security management act or FISMA is used to stop other organizations from misusing IT platforms. The Electronic Protected Health Information act or HIPAA is used to prevent the loss and theft of information related to healthcare. The export controlled information or EAR is used to keep safe the information covered by various international traffic and arms regulations.

ISO/IEC 17799 is a code of practice for information security management. ISO/IEC 17799 of 2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization (Ferguson et al., 2013). The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799 of 2005 contains best practices of control objectives and controls in the following areas of information security management:

- security policy
- organization of information security
- asset management
- human resources security
- physical and environmental security
- communications and operations management
- access control
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management
- compliance

The control objectives and controls in ISO/IEC 17799 of 2005 are intended to be implemented to meet the requirements identified by a risk assessment (Glendon, Clarke & McKenna, 2016). ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
Risk analysis and contingency planning for the organization

An organization dealing with information technology faces many difficulties in maintaining the security of its information. The main security issues in an organization are related to several risk factors which can damage the system to a huge extent (Heazle et al., 2013). For the betterment of organizational security, risk analysis is one of the most important tasks for the IT team of the organization. There are several types of risk which can make the system vulnerable and can cause loss of data (Holt et al., 2015).

Risk can arise either from inside the organization or from outside it. Risks which occur internally are called internal risk factors, and risks which are caused externally are called external risk factors. Risks can also be divided into two categories according to the type of occurrence. Risks which are created intentionally are called deliberate risks, and risks which occur accidentally are called accidental risk factors (Hopkin, 2017). Risks can also be divided into two parts on the basis of their nature. If the risks are generated by some human activity they are called human-made risk factors, and if the risks are generated by natural and environmental disasters they are called environmental risk factors (Howard & Beasley, 2017).

Some risk factors are given below. Hacking is always considered one of the main risk factors for organizations dealing with information technology. Hackers can easily break the security system of a website by cracking the username and the password provided by the users. Viruses and malware are among the high risk factors for a computer system. When a virus and such software spread through different networks in the computing system, the whole system becomes vulnerable.
Malicious software is also used by hackers to infect the computer systems of organizations dealing with information technology (Howes et al., 2015). When unwanted links and other software are downloaded from the internet, the malicious software is distributed through the computer system. Natural risks are also considered a high risk factor. Earthquakes and storms can lead to huge damage to the computer system. Sudden power loss and loss of internet connection are also considered risk factors, as these types of risk can lead to data loss from the computer system.

Contingencies or uncertainties are also harmful for the computing system and the database of the computers in an organization. The main reasons behind the uncertainties are not known, and that is the main problem with them. Risks can be overcome by taking the required actions, but uncertainties cannot be overcome, as the time and manner in which they occur are not known at all.

Analysis of IT threats, vulnerabilities and tools including social engineering

There are many threats present in an information technology system, and the main reason for making the system more advanced is to increase the security features of the organization. Threats can be divided into many parts. The main types of threat are given below.

Threats can be of several types, such as physical damage, loss of important services, natural events, compromise of data, technical failure and compromise of functions (Kettl, 2015). The main examples of deliberate threats are spying and illegal data processing. Threats can also be accidental, where the failure of the hardware and software system is responsible for creating the threat. Various kinds of natural events, such as earthquakes and storms, can also pose many threats to the computing system. Incidents like power loss and loss of internet connection can also generate environmental threats.
Hacking is always considered one of the main risk factors for organizations dealing with information technology. Hackers can easily break the security system of a website by cracking the username and the password provided by the users. Viruses and malware are among the high risk factors for a computer system. When a virus and such software spread through different networks in the computing system, the whole system becomes vulnerable. Malicious software is also used by hackers to infect the computer systems of organizations dealing with information technology (Lam, 2014). When unwanted links and other software are downloaded from the internet, the malicious software is distributed through the computer system. Natural risks are also considered a high risk factor. Earthquakes and storms can lead to huge damage to the computer system. Sudden power loss and loss of internet connection are also considered risk factors, as these types of risk can lead to data loss from the computer system.

Social engineering is one of the biggest threats to organizational security with respect to information technology. The main concept of social engineering is that people are psychologically convinced to play a role in data loss and security breaches for an organization. The internal risk factors of an organization are highly dependent on the social engineering phenomenon (Heazle et al., 2013). If the employees of an organization are convinced to create threats or vulnerabilities in the organization's system, the database can be at high risk. Social engineering is done by manipulating human thinking about the security culture of the organization. The decision-making process is an important factor which can create all the outlines regarding the security of the organization (Becken & Hughey, 2013).
Social engineering actually attacks the decision-making process of human thinking and makes the individual a vulnerable element for the organization.

Conclusion

From the above discussion it is concluded that information security is the most important thing in the era of information technology. Because of the internet, a large volume of data now flows through online transactions and other services. Most of this information is confidential, as it contains customers' personal details and banking details. In recent days, information has been hacked and lost through attacks by hackers and various malicious software. Cyber attacks of this type are increasing day by day and are making information systems more vulnerable. For this reason, organizations dealing with information technology are becoming more and more concerned about the security of the information of customers and business entities. To maintain the security of an organization's database, it is important to use new technologies and regulations. Several laws and risk analysis are also discussed in this report for a better understanding of the security issues related to organizations dealing with information technology.

Recommendations

To overcome the security issues related to the transaction of data and various online services, IT organizations must follow the recommendations below.

The information should be encrypted for the betterment of security. Encryption is a method used to change data into codes which can only be decrypted with the permission of the person who encrypted the data. Through encryption, information can be made safe from cyber attacks and hacking.

The data uploaded should be limited so that the possibility of data loss is greatly reduced.

The computer system should contain an advanced antivirus and firewall system so that the security system of the computer is strong enough.
The antivirus and the firewall should always be kept up to date, so that the system is more advanced in security and free from malicious software and viruses.

The username and the password used for various websites should be strong and unique. The password should contain at least 8 characters, using letters, numerals and special characters.

All hardware and software should be kept up to date and maintained on a regular basis to maintain the security of the system.

References

Aldunce, P., Beilin, R., Howden, M., & Handmer, J. (2015). Resilience for disaster risk management in a changing climate: Practitioners' frames and practices. Global Environmental Change, 30, 1-11.

American Diabetes Association. (2016). 8. Cardiovascular disease and risk management. Diabetes Care, 39(Supplement 1), S60-S71.

Becken, S., & Hughey, K. F. (2013). Linking tourism into emergency management structures to enhance disaster risk reduction. Tourism Management, 36, 77-85.

Bianco, R. J., Arnoux, P. J., Wagnac, E., Mac-Thiong, J. M., & Aubin, C. É. (2017). Minimizing pedicle screw pullout risks: a detailed biomechanical analysis of screw design and placement. Clinical Spine Surgery, 30(3), E226-E232.

Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.

Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.

Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R., & Vickery, J. (2013). Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), 104-135.

Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.

DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), 219-236.

Ferguson, B. C., Brown, R. R., Frantzeskaki, N., de Haan, F. J., & Deletic, A. (2013). The enabling institutional context for integrated water management: Lessons from Melbourne. Water Research, 47(20), 7300-7314.

Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.

Heazle, M., Tangney, P., Burton, P., Howes, M., Grant-Smith, D., Reis, K., & Bosomworth, K. (2013). Mainstreaming climate change adaptation: An incremental approach to disaster risk management in Australia. Environmental Science & Policy, 33, 162-170.

Holt, T. J., Smirnova, O., Chua, Y. T., & Copes, H. (2015). Examining the risk reduction strategies of actors in online criminal markets. Global Crime, 16(2), 81-103.

Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Howard, D. L., & Beasley, L. M. (2017). Pregnant with a perforated levonorgestrel intrauterine system and visible threads at the cervical os. BMJ Case Reports, 2017, bcr-2017.

Howes, M., Tangney, P., Reis, K., Grant-Smith, D., Heazle, M., Bosomworth, K., & Burton, P. (2015). Towards networked governance: improving interagency communication and collaboration for disaster risk management and climate change adaptation in Australia. Journal of Environmental Planning and Management, 58(5), 757-776.

Kettl, D. F. (2015). The job of government: Interweaving public functions and private hands. Public Administration Review, 75(2), 219-229.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.