ODA BULTUM UNIVERSITY

COLLEGE OF NATURAL SCIENCE AND COMPUTATIONAL

Department Of Computer Science

Computer Security Individual Assignment

By Anwar Shita

Id no.0992

To Mr.ketema
 Administering Security

Administering security is the process of implementing strategies, frameworks, and tools to

protect systems, data, and networks while ensuring compliance and ethical practices. Below are
detailed explanations of the key components:

1.1 Security Planning

Security planning involves designing a proactive strategy to protect an organization's assets,

operations, and personnel. It serves as the foundation for implementing effective security
measures.

Key Aspects:

1. Asset Identification: Cataloging critical systems, data, and infrastructure that need
protection.
2. Threat Analysis: Evaluating potential security threats (e.g., hackers, malware, insider
threats, and natural disasters).
3. Risk Assessment: Determining vulnerabilities and estimating the likelihood and impact
of risks.
4. Security Goals: Defining clear objectives like maintaining confidentiality, integrity, and
availability of assets.
5. Contingency Planning: Developing response and recovery plans for incidents like
cyberattacks or system failures.

Output: A security plan detailing policies, controls, and procedures to minimize risk.

1.2 Risk Analysis

The process of identifying, evaluating, and prioritizing risks to an organization’s assets and
operations.

Steps in Risk Analysis:

1. Risk Identification: Cataloging threats like unauthorized access, data breaches, and
physical theft.
2. Assessment of Vulnerabilities: Identifying weak points in systems, such as outdated
software or lack of encryption.
3. Impact Analysis: Evaluating the potential consequences of a security breach (e.g.,
financial losses, reputation damage).
4. Risk Prioritization: Categorizing risks based on their likelihood and impact to focus
resources effectively.
5. Mitigation Planning: Developing strategies to reduce or eliminate risks (e.g., firewalls,
training programs, regular audits).

Outcome: A ranked list of risks and a plan to mitigate them.

 1.3 Security Policies

Security policies are formal documents outlining the rules, procedures, and standards for
maintaining security within an organization.

Components of Security Policies:

1. Access Control: Rules for who can access systems, data, and applications.
2. Data Protection: Guidelines for encrypting, backing up, and securely storing sensitive
information.
3. Acceptable Use Policy (AUP): Defines permissible use of company resources (e.g.,
email, internet).
4. Incident Response: Procedures for detecting, responding to, and reporting security
incidents.
5. Compliance Requirements: Adherence to laws, regulations, and standards (e.g., GDPR,
HIPAA).
6. Employee Training: Mandates for educating staff about security best practices.

Purpose: Security policies establish a unified approach to safeguarding an organization.

1.4 Cybersecurity

Cybersecurity refers to the protection of internet-connected systems, including hardware,

software, and data, from cyberattacks.

Key Components:

1. Network Security: Securing the network infrastructure with tools like firewalls,
intrusion detection systems, and VPNs.
2. Endpoint Security: Protecting devices like computers, mobile phones, and servers
through antivirus software and regular updates.
3. Application Security: Ensuring software is free of vulnerabilities through secure coding
and testing.
4. Data Security: Encrypting sensitive data to prevent unauthorized access during storage
and transmission.
5. Threat Detection: Using AI and monitoring tools to identify and respond to cyber threats
in real-time.
6. Incident Response: A detailed plan for handling breaches, minimizing damage, and
recovering systems.

Importance: As cyber threats evolve, cybersecurity ensures resilience against malicious actors
and safeguards sensitive information.
 1.5 Ethics

Ethics in security focuses on maintaining moral principles while protecting systems and data,
balancing privacy rights and organizational interests.

Key Considerations:

1. Privacy Protection: Respecting user and customer data, ensuring transparency in data
usage.
2. Surveillance: Striking a balance between monitoring for security and avoiding intrusive
practices.
3. Fair Access: Ensuring security measures do not discriminate or create unequal
opportunities.
4. Hacking Ethics: Following responsible disclosure when finding vulnerabilities, avoiding
malicious or illegal activities.
5. Compliance and Honesty: Adhering to legal and ethical standards, avoiding deceptive
practices.

Examples of Ethical Challenges:

 Should companies monitor employees' personal devices for security?

 How much personal data should be collected for cybersecurity purposes?

Outcome: Ethical considerations ensure security measures respect individuals' rights while
achieving organizational goals.

By addressing security planning, risk analysis, security policies, cybersecurity, and ethics,
organizations can create robust and ethical systems to protect themselves against a wide range of
threats.