IT Security & Risk Management

 

1. Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. Companies often grant access to information and assets to staff even if it is not relevant to that member of staff’s role. Describe access control methodologies and implementation for purpose of security? Give detailed justifications for your recommendations. (10 Marks)

Ans 1.

Introduction:

 

 

NMIMS Complete Solved Assignments

available for session  September 2021

last date is  28^th August 2021

buy cheap assignment help online from us easily

we are here to help you with the best and cheap help

Contact No – 8791514139 (WhatsApp)

OR

Mail us-  [email protected]

Our website – www.assignmentsupport.in

 

2. As a term, people, process, and technology (PPT) refers to the methodology in which the balance of people, process, and technology drives action: People perform a specific type of work for an organization using processes (and often, technology) to streamline and improve these processes. What do you mean by security awareness for people, process, and technology? (10 Marks)

Ans 2.

 

3. A database managed by an Indian state government healthcare agency was left connected to the Internet without a password, where it exposed more than 12.5 million medical records for pregnant women. Records go as far back as five years, to 2014, and include detailed medical information for women who underwent an ultrasound scan, amniocentesis, or other genetic testing of their unborn child. The database belonged to the Department of Medical, Health and Family Welfare of a state in northern India. The reason is that the database is still available online without a password. The good news is that the medical records have been removed from the database. However, removing these records wasn’t an easy task and it took more than three weeks to have them taken offline. The database was discovered by Bob Diachenko, a security researcher with cyber-security consulting firm Security Discovery, in early March 2019. The database was eventually secured with the help of the experts, but the entire process took three weeks, during which time the server and the medical records remained exposed for anyone to download. The government agency secured the leaky server after 3 weeks of intial discovery. While the database did not contain information about all pregnancies recorded inside the unnamed Indian state, it did contain medical records for women who suffered pregnancy complications and abortions, data that some families would have liked to remain private, due to obvious reasons.
4. What changes would you suggest to prevent such oversight in future? (5 Marks) –

Ans 3a.

 

1. With reference to the above case discuss the data privacy standards and guidelines in India vis a vis a country such as US, Canada or UK. (5 Marks)

Ans 3b.