Paper Example on Natural Risks

Introduction

Natural risks are those that caused by environmental agents. The natural risks are mainly environmental conditions which the organization may not have control over. The risks include natural disasters such as; earthquakes, natural fire, lighting, wind, floods, and wild animals. This type of threat causes severe physical damages to the information technology systems and the respective facilities (Jouini, 2014). The risks destroy the hardware that host software, therefore, making the systems unusable. If affected by a natural disaster the company will incur huge costs to make the systems up and working again due to the provision of new hardware and software.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Man Made Risks

Man-made risks are those that have a man as the causative agent. The attacker might attack the software in order to take control of the hardware, may attack the software to make it unusable, or may steal the hardware. The man-made risks are divided into two groups.

First, internal risks. These risks come from the people who are authorized personnel of the organization. The risks may be intentional, accidental or the person may be deceived by an attacker. The insider may disclose sensitive information such as passwords and usernames or credit card numbers to the attacker, this might be deliberate, accidental or through deceptive disclosure. The insider may also be the attacker and therefore uses the authorized access to carry out malicious act such as accessing sensitive data that he or she is not authorized to access, disrupting the working of the system, altering the valid data that may be stored in the database hence making it lose integrity, or may deny the right user access to data or use of the system (Jouini et al, 2014).

Second, external man-made risks. These risks are those that come from people or organizations that are outside the organization. The individuals do not have the authorization to access the organization's system or location (Jouini et al, 2014). The common form of threat is stealing from the hardware devices that belong to the organization. Other risks are directed towards the computer system and the agents carry out the attacks by intruding the organization's network. The attacks include denial of service attacks, malicious software attacks, loss, or corruption of information and masquerade attacks (Stallings & Brown, 2015).

The risks that arise due to the man can be mitigated using various means such as; having grills on the entrances to the rooms where computer components are stored and security personnel to prevent theft. Software (firewalls and antiviruses) can also be used to detect and prevent malicious software and malicious activities on the organizations' network, therefore reducing the risks (Stallings & Brown, 2015). The organization should have remote backup systems that would provide copies of original data in the case an attack affect the computer systems, especially from natural risks.

Server Virtualization

Server virtualization is the virtualization of the base hardware to allow several operating surroundings to operate over the hardware directly and thus allow the sharing of the base hardware among different organizational servers (Vmware, 2006).

Advantages

Faster and more efficient backup and disaster recovery. First, the disaster recovery process is independent of the recovery hardware. Virtual machines comprise the whole setting (application, data, operating system and the virtualized server) meaning that recovery can be done on any virtualized environment regardless of differences in the base hardware. Backup of data is done using the Storage Array Data Replication to a secondary site, thus protecting the data from local disasters or hardware malfunction. The data can then be recovered easily after the disaster has been taken care of. The secondary site is also a virtualized fall over the site which makes the backup data accessible to the concern organization in a relatively small period of time. The recovery using the virtualized secondary site may take less than an hour to restore the organizations' system to normality. The administrators get an easy time in the recovery because they handle only one single type of data; encapsulated virtual machines. Normally the management would have to handle the applications and data (Vmware, 2006).

Disadvantages

The experiences of compromise in the virtual machine monitor (VMM). The VMM is the core component of a virtualized server and therefore any compromise of its parts is a risk to the whole system. One virtual machine can, therefore, be used to infect all other virtual machines. There are three forms of compromise to the VMM. One, VMM introspection; when the host Operating System is working in a high trust level then this puts the system at risk. Two, VMM alteration, this influences the virtual machines (VMs) that are on the VMM and since the VMM has full hardware control, the hardware is compromised. Three, VMM Denial-of-service; the VMs that are on the VMM are highly dependent on the VMM and therefore any attacks on the VMM affects the VMs denying the users access. Therefore, any successful attacks on the VMM that compromise it leads to the compromise of the VMs and the underlying hardware disruption in the system. The second disadvantage, the trust in the virtualized server. The Operating System is made to trust the virtualized hardware and the virtual machine monitor, making this a great vulnerability. If the VMM in any way experiences failure, then it would affect the VM, therefore compromising the security of the system and the underlying hardware. This implies that the security of a virtualized server depends on all the levels (underlying hardware and the VMM), since they are highly interlinked, and any interference on one affects the rest (Metzler, 2011).

References

Aven, T. (2008). Risk analysis: assessing uncertainties beyond expected values and probabilities. Chichester: John Wiley.

Jouini, M., Aissa, B., & Rabai, L. (2014). Classification of Security Threats in Information Systems. Retrieved from: https://www.researchgate.net/publication/315714820Metzler, J. (2011). Virtualization: Benefits, Challenges, and Solutions. Riverbed Technology Ltd.

Stallings, W. & Brown, L (2015). Computer Security: Principles and Practice. Pearson Education Inc.

Vmware, (2006). Making Your Business Disaster Ready with Virtual Infrastructure.