Professional Documents
Culture Documents
In the current technology age, the implementation of information technology or systems has
become inevitable for the smooth running and operations of a firm. The digital transformation
has made it easier to conduct business and reach customers far and near across the globe.
However, the implementation of information technology comes with its drawbacks which is the
attacks and threat that digital business poses to company resources (Such et al, 2016).
Organizations network and systems are faced with numerous threats. However, it is the
responsibility of the organization to ensure there is a regular risk assessment to determine how
safe a company network is and detect early any vulnerability in the system. This paper examined
SNHU is an educational institution that has systems that manage student and employees’ records
and as such has a security policy and systems to ensure data of students and employees are
protected. SNHU has an IT security department that manages the security of data within the
university. SNHU has a good network and data security system in place supported by data
security policies and procedures. In analyzing the environment, it is important to examine the
Security protocol and policies at SNHU can be accessed based on the information technology
Information is properly managed at SNHU. All information collected about stakeholders are
stored in the university data center and regularly monitored by the IT department. The IT
ensuring data are regularly backed up, there are permission and authorization to certain
information and information change must be approved by the IT department before it takes to
effect. All data usage by the users both employees and students are managed and authorized by
the IT department
Data Center
In the data center, all data about the university is stored. The data center of the university is
secured with restricted access to the public or stakeholders. The data center in the university is
protected under sound information security policy which makes it difficult for any intruder to
gain access to the data center. The data center is protected both digitally and physically. Aside
from data protection, university data are also remotely cloud-based backed up to ensure business
Safety:
In terms of physical safety, the university has strict policies regarding the entry and exit of the
university and data storage areas. This is to ensure the physical security of data within the
university. Only authorized individuals are given access to the university data center. Every
activity regarding data change or data facility arrangement must be authorized by the university
according to the information technology policy. Data change in every department must be carried
In the opinion of Lee et al (2018), a threat to the database can be due to physical damage or
digital loss. Data can be lost through a disaster at the data center such as fire, flood, or another
disaster, and data can be lost through digital means such as hacking or gaining unauthorized
access to corporate network or database. Irrespective of the form of threat to data, it is important
to have security mechanisms in place that prevent both physical to the data center and electronic
Threat Environment
Every organization that stores data face a threat of data security. However, in the case of SNHU,
the university has put in place some data security mechanisms to overcome any threat to its data
security. The threat environment of the university can be divided into electronic threats and
physical threats.
The electronic threat environment comprises of the threat to information assurance of the
university. This involves digital such as system failure and malicious human interference. There
are also some vulnerabilities in the digital environment of the university such as security system
configuration and IT security system audit. A system failure is a threat to university information
assurance. System failure will lead to a halt in service unavailability. Students, employees, and
other stakeholders would not be able to access resources or communicate with the university
system. Aside from the system failure, another threat is malicious human interference (Utomo et
al, 2017). This involves intruders gaining access to the university system or network. this could
lead to the loss of important information by the university. The vulnerabilities determined in the
university digital environment which is security system configuration and IT security system
audit. System configuration is vulnerabilities when the firewall is not properly configured and
the system is vulnerable to attacks. System audit vulnerability involves a lack of periodic IT
security audits to determine the vulnerability in the university system and network.
Physical threats to the university information assurance include unauthorized access to the
physical data center of the university and physical damage to information resources of the
university such as flooding. Unauthorized physical access to the data center is a threat to
university information assurance. This is because an intruder that gains access to the data center
could have access to physical data or files stored in the data center. A natural disaster such as
flooding as a threat to the university information assurance involves flood affecting data
hardware resources (Paul et al, 2019). This will lead to data outage when hardware such as the
server and other components are affected by floods. Some physical vulnerabilities could affect
information assurance in the university. This includes a lack of proper air conditioning and the
location of the server room. When the air conditioning system in the data center is old is poses a
lot of vulnerability to data hardware and information assurance of the university. Besides, the
location of the server room is also an important vulnerability, when the server room is placed in
the ground floor, it is susceptible to flooding (Torabi, Giahi & Sahebjamnia, 2016).
Best Approaches:
Based on the evaluation of the threat environment of SNHU, some approaches are recommended
Digital Threats
Concerning the digital threats examined, the organization needs to ensure data hardware
and software are checked and maintained periodically. This prevents any form of system
failure from occurring. Besides, data must be backed up periodically to prevent data loss
information security policy of SNHU. Regular scanning of the system for vulnerability
To prevent vulnerability that may arise from an IT security audit. IT security audits must
be conducted regularly. This is important to access the current status and level of data
security in SNHU.
Physical threat
The best approach to address physical threat at SNHU is to ensure maximum physical
security at every entrance of the university and the entrance to the data center. This is
necessary to ensure only authorized individuals gain access to the university data center.
It is also advised to limit access to the data center by making an entrance to the center on
of the third floor in the IT departments. This will ensure the flood does not get to where
data hardware is kept. Besides, to prevent physical damage to data hardware, physical
Risk Matrix
Key
References
Cilliers, L. (2017, May). Exploring information assurance to support electronic health record
Lee, S., Cho, H., Kim, N., Kim, B., & Park, J. (2018, January). Managing cyber threat
intelligence in a graph database: Methods of analyzing intrusion sets, threat actors, and
campaigns. In 2018 International Conference on Platform Technology and Service
Paul, P., Bhuimali, A., Aithal, P. S., & Rajesh, R. (2019). Vulnerability in Information
(IJMTS), 4(2), 87-94.
Such, J. M., Gouglidis, A., Knowles, W., Misra, G., & Rashid, A. (2016). Information assurance
Torabi, S. A., Giahi, R., & Sahebjamnia, N. (2016). An enhanced risk assessment framework for
Utomo, R. G., Walters, R. J., & Wills, G. B. (2017, December). Factors affecting the