The main purpose of this report is to resolve the information technology risk in the organization. The scenario given concerns a retail company located in London. The company sells wholesale food items to different restaurants, such as takeaways and hotels, so that these businesses can buy different food items from it. The organization is now focusing on implementing different IT technologies. Due to this new software technologies in this organization.
LO1 Assess risks to (information technology) IT security
Identify types of security risks
Method to assess and treat (information technology) IT security risk
Describe Organizational security of information technology
LO2 Describe (information technology) IT security
Identify the potential impact to (information technology) IT Security of incorrect configuration of firewall policies and third-party VPNs
Benefits to implement network monitoring systems with reasons
LO3 Review mechanism for organizational (information technology) IT control
Discuss Risk assessment procedure of develop the assets
Summarize the ISO 31000
Many problems occur in the organization's IT system. Sometimes the system becomes slow and stops working, and because of this the organization is facing a lot of problems. To solve this issue, the organization hired me as the IT head. In this role I must follow the organization's IT policies and, in line with them, upgrade the order processing software so that it can solve the organization's problem. This report discusses some important risks to IT security, followed by different IT security solutions for the organization. The next part reviews different mechanisms that can be used for controlling and managing IT problems in the organization.
This is an online retail organization based in London. Risk assessments are used to identify, estimate and prioritize risks to organizational operations and operating assets, along with the information used in the system. Risk assessment is primarily a business concept, and it is all about money: how the retail organization makes money, how its assets and employees help the business make a profit, and which risks could turn into a large monetary loss for the company. The retail company then improves its IT security to lessen the risks that lead to the biggest losses. This learning outcome discusses the types of security risk and the different methods used to assess and treat IT risk. Retail organization security is also explained (Shen, 2009).
The following types of security risk occur in an online retail organization. Online trading means buying and selling products through electronic media. Since the widespread penetration of the internet, the level of trade conducted electronically has increased. A large variety of commerce is conducted through e-commerce, such as internet marketing, supply chain management, EDI (electronic data interchange) and automated data collection frameworks. In 2007, US online retail sales reached $175 billion, and by 2012 they are projected to grow to $335 billion. Because of this growth in the online market, security threats are also increasing (Wheeler, 2011).
· Privacy
· Integrity
· Authentication
· Non-repudiation
· Data loss
· DoS and DDoS attacks
· Man-in-the-middle attacks
The security risks listed above are faced by the retail organization (Newsome, 2013).
Risk assessment is one of the most important parts of an organization's security work. It is impossible to put expensive and time-consuming measures in place for every risk that a retail organization faces. Consequently, the assessment stage is used to establish the biggest priorities. There are four rules, covering how you will identify the risk, how you assign ownership, and how the security risk affects the confidentiality, availability and integrity of the information. This section addresses the four issues related to the methodology of risk assessment (Douglas A. Ashbaugh, 2008).
These are the security criteria baseline, the risk appetite, the risk scale, and the asset-based methodology of risk assessment in a retail organization. The asset-based approach is used to identify the risks that affect the retail organization's integrity and confidentiality. A list of data assets is a good place to start, and most of the work is already done if you have such a list. After identifying the risks, analyze them in the retail organization (Peltier, 2010).
Evaluate the risks that affect the retail organization's profit, and determine which risks can be ignored and which are important to resolve. There are four ways to treat a risk in an organization (Landoll, 2016).
· Avoid the risk by eliminating it entirely
· Modify the risk by applying security controls
· Share the risk with a third party
· Last but not least, retain the risk
The retail organization is based in London. It started its business by selling wholesale food items to restaurants and takeaways in London, Glasgow and Manchester. The organization has 5 warehouses and 300 employees. It developed an online portal for its food items so that customers can easily place an order with their address in the portal and have the food delivered (Alberts & Dorofee, 2003).
The order processing software is Windows-compatible; it is three years old and has never been upgraded. Its security processes consist of access controls, encryption, backup and disaster recovery. After that, the company suffered several security incidents. As the head of IT security, I am familiar with these security threats, and my duty is to handle these things in the company and also to train the company's employees (David Kim, 2013).
In learning outcome two we discuss the evolution of security solutions: the network security infrastructure, in which the evolution of NAT, DMZ and firewalls (FWs) is included. After that, network performance, the data center and security vulnerabilities are also evaluated. In this learning outcome we learn about incorrect VPN configuration, the potential impact on IT, monitoring systems and IT security solutions. A threat is anything that can affect your organization through different types of attack, including DDoS attacks, malware, data loss and many more. To protect the organization, its connections must be secured with trusted VPNs. The other term is vulnerability: a weakness in the organization that might be exploited by more than one attacker. In other words, it is what allows an attack to succeed. Risk refers to the potential loss or damage when a threat exploits a vulnerability. Creating and implementing a risk management plan reduces the potential of these risks.
This section identifies the impact of threats to IT. In today's world, protecting data is one of the most important factors for a business. Customers always want their information to be secure with the company; if you are unable to provide that security, you lose your customers and your business as well. Before doing business, people first want to know about the security infrastructure. Threat, risk and vulnerability are issues that can potentially affect the business of any company. These terms are interrelated, but they have different meanings and implementations.
Why do we configure a firewall? The answer is security: to prohibit access to my digital resources. A digital resource might be a computing or networking device, or a personal computer. If the configuration is wrong, this is not good for the system. For example, if you mistakenly open the FTP port for general use, anyone can access your system remotely (Allen, et al., 2017).
A wrong configuration may also route your network traffic through a slow network path, which reduces the performance of the network. As a result, you may be kept far from your destination, or blocked from it altogether. Sometimes a wrong firewall configuration leads to a major problem because it blocks traffic that is used by common programs on the system. Firewalls protect systems from both external and internal threats.
As everyone knows, VPNs are one of the most exciting technologies, yet a VPN is a technology that you have to trust. Consequently, how safe you are depends only on the other party. You do not need to worry about security if the VPN is a trusted one, but an untrusted VPN becomes an issue because all network traffic to your system is routed through it. The VPN knows all the secrets of your company and the company's websites, so misuse of data can also happen if the VPN is not trustworthy (Syngress, Liu, Miller, Lucas, Singh, & Davis, 2006).
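The two firewall failure modes described above (a port such as FTP opened to everyone, and traffic that the business needs being blocked) can be checked automatically against a saved ruleset. The following is an added example, not part of the original report: the iptables-save rule syntax, the internal range 10.0.0.0/8, port 443 for the order portal and the `EXPECTED` policy table are all assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed rulesets in iptables-save syntax (not taken from the report).
WEAK_RULES = """\
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 21 -j ACCEPT
"""
FIXED_RULES = """\
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
"""
# Assumed policy: port -> (service name, must be reachable from any source).
EXPECTED = {21: ("ftp", False), 443: ("order portal", True)}
MODELLED = {"-s", "-p", "-m", "--dport", "-j"}  # rules using other options are skipped

def parse(text):
    """Return (chain policy, ordered INPUT rules) from iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            if set(opts) <= MODELLED and opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"))
                dport = int(opts["--dport"]) if "--dport" in opts else None
                rules.append((src, opts.get("-p"), dport, opts["-j"], line))
    return policy, rules

def public_verdict(port, policy, rules):
    """First-match result for TCP traffic to `port` from an arbitrary address."""
    for src, proto, dport, target, line in rules:
        if src.prefixlen == 0 and proto in (None, "tcp") and dport in (None, port):
            return target, line
    return policy, "chain policy"

def audit(text):
    """Report both failure modes: a port open to all, a needed port blocked."""
    policy, rules = parse(text)
    findings = []
    for port, (name, want_public) in EXPECTED.items():
        target, line = public_verdict(port, policy, rules)
        if target == "ACCEPT" and not want_public:
            findings.append(f"EXPOSED {name}/{port}: {line}")
        elif target != "ACCEPT" and want_public:
            findings.append(f"BLOCKED {name}/{port}: {line}")
    return findings
```

Running `audit(WEAK_RULES)` reports FTP as exposed and the order portal as blocked by the chain policy, while `audit(FIXED_RULES)` returns no findings.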
Companies are investing more money than ever before in network management software. As the IT infrastructure of your network becomes more complex, better security and monitoring systems become paramount. The benefits of implementing a network monitoring system are described in this section, with reasons. Effective change management is one of them: network management software enables well-organized change management. The organization's staff set the benchmark for performance, and past network configurations must be recorded in case they ever need to be reverted. Regulatory and network compliance is another benefit, the reason being that the network system focuses only on customer needs and the service of the retail organization.
By providing businesses with the main features for analyzing the network, monitoring systems help in maintaining compliance. For VLANs and secure channels, real-time maps, continuous monitoring and post associations can help companies stay on track. Another benefit is network availability along with optimized performance; through this, the performance of the system is better. Network data is gathered automatically through network management, allowing administrators to fix issues before the company's staff report them by phone or email. Internet performance can be analyzed in real time through these functionalities. Saving money, performance documentation and SLA requirements are also benefits of implementing a monitoring system (Vesalainen, Valkokari, & Hellström, 2017).
The evaluation for stability is extremely important for using this tool in the organization for making policies. This can be done by defining the scope. In this case, the retail organization wants to minimize the information security risks in its system. It then has to identify the different processes related to these risks. The retail organization also has to identify the important threats and vulnerabilities. Finally, it has to apply different risk management techniques.
ISO 31000 is a family of standards related to risk management in the IT industry, codified by the International Organization for Standardization. The main aim of ISO 31000 is to provide some important principles and generic guidelines for managing IT-related risk in the organization. The standards provide different services for risk management in the organization. In this retail organization, the risk is related to technical matters such as IT systems.
ISO 31000 has many users around the world. The first main users are companies that want to implement a risk management system in their organization. The next users are those who want to manage the risks in their organization, and those who want to ensure that their company is managing risk in a proper way. In this case, the company wants to manage the risk in its organization so that it can minimize its problems. The company is struggling with IT risks and is unable to protect its data on a large scale. For that reason, it wants to implement ISO 31000 so that it becomes much easier for the organization to resolve IT security issues.