Discussion on: Risk Management and Mitigation risks

ncitujjwal

Threats are possible dangers that could compromise the confidentiality, integrity, availability, accessibility and accountability of a computer system or service. Threats could be malicious (Alghazzawi, 2014); they could be intentional threats, such as someone trying to hack the system or someone trying to damage a system, or they could be accidental threats, such as natural disasters like floods or earthquakes. This threat may be external, in other words an attacker coming over the internet and trying to attack a server, or it could be an internal threat, such as an employee involved in fraudulent activity like money laundering; theft is another similar activity.

Vulnerabilities are weaknesses in a system that permit a threat to be realized, compromising the confidentiality, integrity, accessibility, accountability and availability of the system, so the threat is a potential harm to the system. First it comes to the system; the potential force could attack the system. Basically, vulnerabilities are weaknesses of the system that allow the threat to get in and materialize (Yadav & Puri, 2015). Critical vulnerabilities are flaws that can be exploited by an attacker with the correct tools or in the correct situation.

We have security controls, which basically manage and mitigate the risks associated with our system. Basically, security controls are safeguards implemented to close vulnerabilities and mitigate threats in order to protect the confidentiality, integrity, availability, accessibility and accountability of the system. The controls can be physical, they can be procedural and they can be technical. The very simplest control is a physical control; for example, our home door lock is a physical control system. The door denies access to an unauthorized person who simply tries to open it. We have procedural controls, which are systematic control systems. In a bank, only the bank manager and the Khajanchhi have authority to enter the money store room, and they have authority to enter there only when both persons are present at the same time. So it is one suitable example of a procedural control. In the field of information security, or in computer security, this control can be technical. We can have systematic policies in place to prevent certain actions.

We can require data to be encrypted; so, through the different controls we can implement, we can try to protect the system. In order to identify the controls, we need to ask ourselves what kinds of vulnerabilities there are, what types of threats exist, and how we can mitigate the threats. What safeguards can be put in place to make a system less vulnerable to a threat? What types of protective measures do we take (Chou, 2013)?

There is a certain trade-off in implementing controls: these controls themselves can negatively impact the system's compliance with the CIA triad. Many types of security control actually reduce the availability of the system to authorized users. For example, if I take a server that has confidential information and I decide to protect the confidential information on the server by unplugging the server and locking the system, I am implementing a very strong security control in terms of protecting confidentiality; however, we completely eliminate the availability, and therefore I have really accomplished information security. These types of controls reduce the availability too much.

The CIA triad is one of the security control mechanisms in information systems. The NIST computer security handbook defines it as: "The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunications)". Beyond the CIA triad, we have various technologies which actually safeguard against different vulnerabilities and threats; these are cryptography, protocols, controls and software like firewalls, Windows Defender and antivirus systems. In cryptography, the sender's password must be verified first; only then does the receiver confirm the message. So finally, those controls must safeguard the system to an acceptable level of risk while maintaining availability.

In conclusion, controls are safeguards, and these safeguards are implemented to close vulnerabilities and minimize risk and threats, in order to protect the confidentiality, availability, accountability, integrity and accessibility of the system (Watts, 2017).

References
Alghazzawi, D. (2014). Information Systems Threats and Vulnerabilities. International Journal of Computer Applications (0975-8887).

Chou, T. (2013). Security Threats on Cloud Computing Vulnerabilities. International Journal of Computer Science & Information Technology (IJCSIT), Vol. 5, No. 3.

Watts, S. (2017). IT Security Vulnerability vs Threat vs Risk. Journals of Computer Science and Information Security.

Yadav, S., & Puri, S. (2015). Threats and Vulnerabilities of BYOD and Android. ResearchGate.