IT Security and Risk Management
September 2022 Examination
Q1. As a term, people, process, and technology (PPT) refers to the methodology in which the balance of people, process, and technology drives action: People perform a specific type of work for an organization using processes (and often, technology) to streamline and improve these processes. What do you mean by security awareness for people, process, and technology? (10 Marks)
People, process, and technology is a framework that most organizations use to improve the efficiency of their employees' day-to-day activities and of their tools. The framework helps map the entire value streams of people, processes, and technology, which provides full control and visibility into high-performing teams so they can optimize operations and ship faster. The PPT framework is about how the three work together, with process making the work more efficient. Organizations can achieve efficiency by balancing the relationships among people, processes, and technology.
Q2. Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. Companies often grant access to information and assets to staff even if it is not relevant to that member of staff’s role. Describe access control methodologies and implementation for purpose of security? Give detailed justifications for your recommendations. (10 Marks)
The ultimate goal of an access control system is to provide a level of security that reduces risk to an organization. Organizations center on data, from employee onboarding and offboarding to product plans, financial documents, and customer details. Every organization must pay close attention to how it stores, accesses, and protects its assets. Without proper access control, an organization leaves its staff and customers vulnerable to cyberattacks, data theft, or breaches of privacy and data protection laws. An access control system controls who can view or use any given resource. This can translate to who can access and edit a particular
Q3. Started in March 2011, Company X is a New Delhi-based custom software solutions provider. The company develops and customizes software solutions for clients on a project basis and provides technical and business support in an outsourced capability. The main business and service areas of the company include IT consulting, web design and development, mobile applications development, software development, robotics and Internet marketing. The company has an employee base of 50 people, and it caters to clients from a wide range of industries including aerospace, automotive, consumer goods, food, metal fabrication, medical, pharmaceutical and solar panel, among others.
Key excerpts are presented based on the interview responses from employees across hierarchy in the company.
if the productivity is lost in our area, then it directly relates to losing our clients, because we have to deliver our projects within scheduled time. And if client loses the trust, he will not give us more business…
for my organization, there are two assets which are most important; one is the information which we hold and process, the second one, I will say, the technical human resources who do this job… my organization survives on managing information…
time to time, there is top management support, but not up to the level what is required in our organization, it is lacking…
comprehensive information security policy is there, but its compliance is another issue…
3a. Based on the information presented above what would be the main areas of concern w.r.t IT Security for Company X? Give justification for each of your observations. (5 Marks)
The integrity of the company's core business and the protection of its staff are critical, and investing in security is important for protecting against cyber-attacks and security threats. Data breaches are time-consuming, expensive, and bad for business. With strong information security, a company reduces its risk of internal and external attacks on information technology systems. They also protect sensitive data, protect systems from cyber-attacks,
Q3b. What recommendations would you suggest to Company X to safeguard it from any potential security threats? (5 Marks)
Data breaches and cyberattacks have, unfortunately, become a common issue that businesses of all sizes need to guard against. Knowing how to prevent potential security threats is crucial to running a company’s operations effectively and securely. Information security threats exist both outside and inside your organization. For Company X to protect against the security threats,