Question

Propose a method to assess and treat IT security risks.

Answer 1

Answer:

If I will be asked to propse a method to asses and treat IT security risks, this is how I will follow :

• The basic thing to start with is to analyse what is the data flow in a company and what kind of data is being stored in.
• If any security risk is found then we need to understand the nature of it. There could be two possibilities :

1. It could be an internal source
2. Else from an External source

Now analysing the source of risk is important to deal with it . Internal Source here we mean is it could be an employee and external source could be any third person.

If it is a risk from an external sources then we need to protect our routers and hosts with good firewalls and anti virus softwares . Furthermore we need to filter the data to detect the risk and correct it accordingly.

If source of risk is from internal then I must say it is very difficult task to deal with because it is easy to judge the intentions of an enemy than a good friend. So it needs a well planned training and educational classes for employees to educate them importance of data and network security because sometimes the risks could happen because of their lack of knowledge.

• We need to do a security research and hunt the bugs in our systems so that the loopholes could be fixed before the damage.
• Now if we got the security risks , then at this stage we need to deal with the risks on the basis of their level of damage that could be done with them and fix accordingly.
• At the end we need to design the different levels of controls and analyse different bugs and their level of damage and learn with mistakes for future .

Hope it clears :)

DEAR PLEASE DO RATE IT IF HELPS ELSE LET ME KNOW YOUR DOUBT.

THANK YOU!!!