Architecture of IT Systems
This is a conceptual model which defines the components, structure, behavior, and view of the system. It defines everything which is necessary to secure information in a company.
Types of Threats
There are dozens of information security threats. However, some types are more popular than others. Some common types include Trojan, virus, worms, spyware, botnet, phishing, and DDoS (Solms et al., 2013). These are common types of threats which attackers utilize to compromise information. They, therefore, pose constant threats to the company and should be aware of various methodologies to address them.
Security Mechanisms
The firm has employed numerous security mechanisms to address each of the threat to its information security.
Table
| Components | Common Threats | Likelihood of Happening | Security Mechanisms |
| LAN Security | Viruses, email attachments, Trojan horses, Worms, and Probes. | X | The company should maintain a robust security firewall, conduct regular network scans, limit remote access, ensure information is well encrypted, and keep all software update. |
| Identity Management | Insider threats, hacking | X | Encrypt data, update systems regularly, and destroy all traces of data from hardware you intend to offer third-party users, have strong passwords and other authorization mechanisms. |
| Physical Security | Fire, flood, natural disasters, burglary, theft, vandalism, and terrorism | X | Cloud storage and backup. |
| Personal Security | Thuggery, assault. | X | Encryption and passwords. |
| Availability | Phishing, defacement | X | Installing anti-phishing software, use firewalls, keep latest browser version, install antivirus software. |
| Privacy | Cookies proliferation, seizing cloud data, location tracking | X | Disable cookies, put up firewalls, strong passwords, and secure all hardware, and keep sensitive data out of the cloud. |
Cyber attacks
Theft of sensitive data
A significant volume of data in any firm needs protection, but there are others which require extra caution. Therefore the company pays extra attention in putting up a defense mechanism. Some of the defense mechanism includes; encrypting all sensitive data to ensure it is never accessed by unauthorized parties. That can be enabled by using hard to crack passwords and update security software. These three defenses ensure that sensitive data is well protected and within reach of authorized company personnel only.
Gaining unauthorized access
Encryption is the first defense mechanism employed in locking out unauthorized access to information resources, keeping off any unauthorized access (Brakerski & Vaikuntanathan, 2014). Secondly, ensuring all information resources is password protected. For instance, all laptops should have passwords; on top of that every file should be encrypted using pass codes. In extreme cases, employ stenography where you hide data inside other data. For instance, you can hide text data in a .jpg file. However, even in that encryption method, ensure the data is still password protected from even those who might access the files where you have hidden other files.
Sniffing passwords
1. One approved method of preventing sniffing is by using encryption. For instance, if the client is connected in a web-based application, then one can use HTTPS-encryption to avoid any form of sniffing information that is put up in the system. Alternatively, a monitoring software can alert the information security apparatus whenever there is a suspicious action on the system.
Plan of Protection
Information
Identity
The use of the typical access card will resolve the issue of identity. Every employee is supposed to the user his or her card, with personal details that cannot be used by anyone else. The picture, name and the organization will ensure the identity of all those who access company resources is well documented. That can be backed up by individual authorization to prevent cases of impersonation.