Assignment #2 IS
Assignment #2 IS
Assignment #2 IS
FILE SUBMITTED TO
GIAN JYOTI INSTITUTE OF MANAGEMENT
&
TECHNOLOGY
PHASE-2, MOHALI
AFFILIATED TO
Threats in network security refer to potential attacks on a network that can compromise the confidentiality,
integrity, and availability of data. Some common threats in network security include viruses, worms,
Trojans, spyware, adware, denial-of-service attacks, and phishing attacks.
Network security controls are measures put in place to protect a network from these threats. Some
common network security controls include firewalls, intrusion detection systems, antivirus software,
content filtering, and encryption.
Security planning or risk analysis is the process of identifying potential security risks to an organization's
information systems and determining the appropriate controls to mitigate those risks. The goal of security
planning is to ensure that an organization's systems are secure and that the organization can continue to
operate in the event of a security breach.
The risk analysis process typically involves identifying potential threats, assessing the likelihood of those
threats occurring, and identifying the potential impact of those threats. Based on this analysis, security
controls can be implemented to reduce the risk of a security breach.
Q4. Explain the following:
Organizational Security Policies
Physical Security
Organizational security policies refer to the rules and procedures that an organization puts in place to protect its
assets. These policies cover a wide range of security issues, including access control, data protection,
incident response, and security awareness training.
Physical security refers to the measures that an organization takes to protect its physical assets, such as
buildings, equipment, and data centers. This can include measures such as surveillance cameras, access
control systems, and security guards.
Q5. Explain the Legal, Privacy, and Ethical issues in Computer Security – with reference to protecting
programs and data, information and the law, Rights of Employees and Employers, Software Failures,
and Computer Crimes.
Legal, privacy, and ethical issues in computer security are complex and multifaceted. Protecting programs and
data involves issues of intellectual property and copyright law. Information and the law include issues of
data protection and privacy laws. Rights of employees and employers include issues such as monitoring
employee computer use and ensuring that employees are not using company resources for illegal or
unethical activities.
Software failures can result in serious consequences, and organizations can be held liable for any damages
resulting from these failures. Computer crimes, such as hacking and identity theft, are also major concerns
for organizations, and can result in significant financial and reputational damage.
In order to address these issues, organizations need to implement effective security controls and policies, as
well as provide regular training and awareness programs for employees. Additionally, organizations need
to stay up-to-date with changes in relevant laws and regulations to ensure that they are in compliance.
Regenerate response