Wednesday, May 6, 2020

Control Requirements in Business Processes - Assignmenthelp.com

Question: Discuss the Control Requirements in Business Processes.

Answer:

Introduction:

Information technology is termed as the connection that exists among the various devices that are connected with each other. The devices may include computers, laptops, mobile phones and other devices that facilitate interconnection with each other. This report discusses IT security and the technological landscape, along with the security models involved. It also covers the risks involved in IT security and the mitigations that address them.

IT security and technological landscape:

Security in information technology (IT) refers to the protection of systems of devices that are connected to each other. It also includes mitigating the risk of theft of resources from the hardware and software involved. IT security consists of processes that control access to the system and protect it. However, accidental or deliberate malpractice can lead the IT security process to deviate from its intended security (Jaferian et al., 2014). Certain vulnerabilities exploit weaknesses in the system to gain unauthorized access to it. These include the backdoor mechanism, which is used to bypass the security of a device and gain access; denial-of-service (DoS) attacks, which deny service to the actual user; eavesdropping, which enables spying on networks; and phishing attacks, in which sensitive data such as user credentials is collected.

A technology landscape is used to give structure to existing technologies. It is made to deal with the technologies that are currently being processed. The technology landscape is not relevant and does not provide one solution (Hagberg, 2012). It varies between businesses. It refers to the assessment of different businesses in order to reach the goal set by the business involved. Some common examples of technology landscaping are identification of competitors, identification of targets and evaluation of IP-related risks.

IT security models and access control:

An information security model is a set of processes used for the specification and enforcement of policies relating to the security of the system involved. The model is based on a formal model that addresses access rights. The model is also used to address the computation model, distributed computing, or no such rights. A computer security policy is used to implement the IT security model (Siponen, Mahmood & Pahnila, 2014). The major topics included in IT security models are the access control list, the Bell-LaPadula model, the Brewer and Nash model, the Biba model and many other models that help in identifying the policies for implementing the IT security model.

Access control refers to the checking and control of access. This involves checking login credentials before granting access to the system. In computer security, access control involves the processes of authorization, access approval, authentication and audit (Brucker et al., 2012). The process involves checking the credentials of the user trying to enter the system and then providing access to that user. This helps in reducing unauthorized access to the system and mitigates the risk involved. Authentication is done by checking login credentials such as passwords, biometric scans or electronic keys.

Mitigation of risks and threats involved:

Security in an IT system is required to address the threats and risks involved, as they can cause many difficulties in the system. This section discusses several ways to mitigate the risks in IT security.

Strong login credentials, such as a strong password, are one of the best ways to reduce unauthorized access. Strong security policies that require users to choose strong passwords combining various characters help reduce the risks involved (Zemel, 2015).

Up-to-date security features are a requirement for keeping systems safe. Security patching and constant updating are needed to maintain the security of the system involved.

Anti-virus programs are a great way to get security, as they provide the ability to scan the system for vulnerabilities that could affect it. They also help in notifying the system of the presence of any viruses (Wong & Brooks, 2015).

In addition, the users of a system need security awareness. The most common malware attacks occur through phishing links sent in users' email. When a user clicks the link, the hackers are able to get information from the infected user. Security training is needed to address such risks.

Conclusion:

Thus, it is concluded from the report that information security models are required for the betterment of society. However, certain problems can have a deadly impact on the system, and strong security protocols are required to address them effectively.

References:

Brucker, A. D., Hang, I., Lückemeyer, G., & Ruparel, R. (2012, June). SecureBPMN: Modeling and enforcing access control requirements in business processes. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (pp. 123-126). ACM.

Hagberg, J. E. (2012). Being the oldest old in a shifting technology landscape. Generational use of new media, 89-106.

Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014). Heuristics for evaluating IT security management tools. Human-Computer Interaction, 29(4), 311-350.

Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.

Wong, S., & Brooks, N. (2015). Evolving risk-based security: A review of current issues and emerging trends impacting security screening in the aviation industry. Journal of Air Transport Management, 48, 60-64.

Zemel, A. (2015). Adaptation, mitigation and risk: An analytic approach. Journal of Economic Dynamics and Control, 51, 133-147.
