Information Systems Risk Management

Introduction

IT risk management is regarded as an element of a wider enterprise risk management system. The development, maintenance and continual improvement of an ISMS give a strong indication that a systematic approach is being taken to the identification, assessment and management of information security risks. A number of methodologies have been proposed to manage IT risk. All of them are divided into specific steps and processes. Focusing on Risk IT, it is observed that it is designed to encompass not only the negative impact of services and functions that can reduce or destroy the value of the organization, but also the benefit/value-enabling risk linked to missed opportunities to use technology to enhance or enable IT project management (Morel, Benoit, Linkov, and Igor, 2006).

Discussion

Vulnerabilities to the System

Reconnaissance in the Context of Computer Security

The term reconnaissance actually comes from its military use, where it refers to a mission into enemy territory to acquire data and information. In the context of computer security, reconnaissance is considered an initial step for preventing further attacks that are directed at damaging the targeted system. Port scanning, for instance, is often used by an attacker to discover any risky ports. A hacker mostly targets the vulnerabilities of services and systems that are linked with open ports and were detected after an attack (Lam, LeBlanc and Smith, 2009).

Active reconnaissance is considered a category of computer attack in which an intruder engages with the targeted system to collect data and information related to its vulnerabilities. It is somewhat confusing that both passive and active reconnaissance are actually based on passive attacks, as they are aimed only at finding out information instead of actively targeting the systems and damaging them with rapid attacks, as active attacks do. Passive and active reconnaissance both comprise attack methods for determining the vulnerabilities of the system. In this way all the related concerns are focused on before an attack by any virus or hacker, and this protects the system's data and information (Kizza, 2005).

Active reconnaissance Data Collection Technique - Active reconnaissance refers to system information collection for hacking purposes or system penetration testing. In active reconnaissance, a hacker uses system information to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get it. Active reconnaissance is also used by systems analysts and programmers to test the security of networks and systems and scan for potential vulnerabilities (Kaeo, 2004).
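
Seen from the defender's side, active reconnaissance such as the port scanning described above leaves a trace in connection logs: one source touching many distinct ports on one host in a short time. The following is an added example, not part of the original essay, that flags such sources. The log format, the 60-second window, the 15-port threshold and all log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (not from the essay): "<ISO time> <src> <dst> <dst_port> <action>"
# All entries are constructed sample data using documentation address ranges.
NORMAL = [
    "2024-01-10T09:03:00 192.0.2.11 198.51.100.5 80 ALLOW",
    "2024-01-10T09:04:30 192.0.2.11 198.51.100.5 443 ALLOW",
]
# A busy but legitimate client: 30 connections, all to the same port.
BUSY = [f"2024-01-10T09:02:{i:02d} 192.0.2.10 198.51.100.5 443 ALLOW"
        for i in range(30)]
# One source probing ports 20-39 on one host, one port per second.
SCAN = [f"2024-01-10T09:01:{i:02d} 203.0.113.7 198.51.100.5 {20 + i} DENY"
        for i in range(20)]


def parse(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=15):
    """Return {(src, dst): peak distinct ports in any window} for pairs
    whose peak reaches min_ports. Repeated hits on one port count once."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port, _ = parse(line)
        events[(src, dst)].append((ts, port))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({p for _, p in evs[start:end + 1]}))
        if peak >= min_ports:
            findings[pair] = peak
    return findings


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(NORMAL + BUSY + SCAN).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

Counting distinct ports rather than connections is what keeps the busy client on port 443 from being reported alongside the scanning source.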

Passive reconnaissance Data Collection Technique - The term passive reconnaissance refers to a form of targeted information and data collection that occurs when the personal data of an individual, such as a password, is stolen and that individual is not even aware of it. It refers to a malicious hack whose target can be tracked and can be observed ...