Technology evaluation and recommendation

Technology Evaluation and Recommendation In identifying risks, the need determine how assets can be damaged, destroyed, stolen and altered in an organization is the essence of information technology. The risk assessment gives a ground on which to implement security plans in order to protect assets of an organization from possible and impending threats. In order to improve the security of assets against threats, it is important to find out. One, what are these assets that need protection. They include component failure, ‘ unauthorized deletion or modification, misuse of software and hard ware, unauthorized disclosure of information, viruses, Trojan horses, or worms, riots, fires, floods, or earthquakes, penetration (hackers) and software bugs and flaws’, Peter and Thomas (2001). After assessing the risks, the next plan of action for the organization is to plan pro-actively, Layton, Timothy (2007). This involves developing security measures and limitations, and implementing tools to help in the security. This will help protect the “ assets of the organization and employee mistakes” (p. 90) Often, organizations evaluate technology adoption according to how they collect process and distribute data within and outside the organization. This particularly depends on the amount of data to process. For this reason, the organization should consider installing large storage devices that will aid fast processing of information. Most of the organizations have different departments. Data within the organization has to be shared daily basis where some of the data has to be directed to few individuals. An organization is therefore responsible how the information is to be shared (Ronald 2003). In computer, “ security risk assessment planning is very important”. In most circumstances no plan of action can be of any importance unless a risk assessment is performed, Allen and Julia (2001). The risk assessment gives a ground on which to implement security plans in order to protect assets of an organization from possible and impending threats. In order to improve the security of assets against threats, it is important to find out. One, what are these assets that need protection. Two, what level of risk of the assets in question and third, what level of resources the organization has put in place to upgrade the assets and protect them against any risk. According to Allen and Julia (2001), a risk is when a threat tries to harm your computer as a result of the computer vulnerability. Therefore the plans and policies to protect your system after knowing the threats involved are eminent. The following are some of the ways to indentify risks to your system. One, gather all the work-force in your organization and have a brain storming session where-by you list all the assets and their respective threats. This will help to increase security awareness in your organization. There are three sources of these risks: This include: unintentional risks, natural disaster risks and intentional risks (Allen and Julia (2001). This can be illustrated as follow, in the figure below: Source: (Peter and Thomas, 2001). Identifying Risks to the Assets To identify risks, one need determine how assets can be damaged, destroyed, stolen and altered. They include component failure, ‘ unauthorized deletion or modification, misuse of software and hard ware, unauthorized disclosure of information, viruses, Trojan horses, or worms, riots, fires, floods, or earthquakes, penetration (hackers) and software bugs and flaws’, Peter and Thomas (2001). Candidates’ technology based solution The information produced, should be categorized according to it is sensitivity to loss or disclosure. For our client, the following set of informational categories can be used. One, proprietary; in this case for internal use only and also, data should be broken down based on the following requirements: “ confidential, private, sensitive and public. Besides, an estimate of the likelihood of each risk, which is done by, obtaining estimates from insurance companies”. (Peter and Thomas, 2001). Also identify the type of threat and the method of attack. Security threats can be divided into human threats and natural disaster threats. The human threats can further divided into malicious and non-malicious threats. In understanding these threats, it is possible to ascertain the vulnerabilities caused in the exploitation, and particularly which assets are targeted during the attack (Layton and Timothy, 2007). After assessing the risks, the next plan of action for the organization is to plan pro-actively, Layton, Timothy (2007). This involves developing security measures and limitations, and implementing tools to help in the security. This will help protect the “ assets of the organization and employee mistakes” (p. 90) Also, the organization should develop password policies. This password should be kept secret at all times. The use of password should not be compromised in it is use and storage. This means for effective use of pass word, it should be changed periodically, and should be assigned to the user when used for the first time. This can be ensured that the system maintains the pass word data base (Ronald 2003). In conclusion, organizations should ensure that they have different accounts with different access rights. These accounts should adopt unique passwords changed periodically to prevent hackers from invading the organization confidential data. References Allen, Julia H. (2001). The Cert Guide to System and Network Security Practices. Boston Ronald L. (2003). I-formation Security: Design, Implementation, Measurement, and Compliance. London. Layton, Timothy P. (2007). The CISSP Pre Guide (Gold Edition Ed.). London. Peter, Thomas R. (2001). Information Security Risk Analysis. Boca Raton, FL: Acerbic publications