Week -2 Attendance Assignment | 1

Week 2 – Attendance Assignment

ITM 5600 TX S1 2025 - ITM Security

By

Revanth chary Tukkapuram

Webster University

Master of Arts in Information Technology Management

Professor: Héctor £. Pérez, Sr

 Week -2 Attendance Assignment | 2

Abstract

Today's security threats include dangerous ransomware attacks against businesses everywhere.

Security protection of NLC Ltd.’s IT system needs strong technical and procedural security

measures to work together effectively. This document shows how NLC needs to mix IT risk

analysis methods with NLC's big picture risk management system and explains how incident

response fits inside this structure. This report tests security solution performance against

identified threats and shows how intrusion prevention systems (IPS) and firewalls protect the

organization from attacks.

1. Combining Quantitative and Qualitative Risk Assessment Methods IDS are security:

IT risk management works at its best when both quantitative and qualitative

methods work together to show all possible risks:

 Quantitative Risk Assessment: Rational Threat Assessor deals just with

numerical statistics about ransomware attacks including their potential

outcomes and financial implications. By multiplying the Single Loss

Expectancy with the Annual Rate of Occurrence NLC Ltd. can determine the

Annual Loss Expectancy to focus security efforts on its riskiest areas.

 Qualitative Risk Assessment: This technique assesses non-measurable areas of

risk, particularly employee understanding of security and the organization's

work environment alongside how a cyber attack on systems might affect its

name. Risk matrices and expert judgment help organizations see how their

threats affect everywhere in their systems.

 Week -2 Attendance Assignment | 3

NLC Ltd. can create a better risk picture by bringing its different examination

approaches together. The statistics show how much money ransomware victims have lost

yet employee training analysis reveals where the defense system fell short. These

strategies let our organization use its resources wisely to defend against technical weak

points and human security issues.

2. Incident Response Plans in Risk Management:

IT risk management at NLC relies heavily on Incident Response Plans as their

core protective elements. With their organized framework IRPs help NLC find and react

to ransomware events while reducing the impact on daily operations.

 Detection and Containment: This IRP shows how to find ransomware attacks

quickly by running intrusion detection systems (IDS) and endpoint protection

tools. When an incident occurs organizations take immediate steps to isolate

hardware units to stop ransomware from spreading further.

 Eradication and Recovery: After stopping the attack the IRP works to

eliminate ransomware and bring operations back online. The company

maintains safe backup data so NLC Ltd. can restore its encrypted files instead

of giving in to blackmailers.

 Integration with Risk Management: The IRP works with overall risk

management by adding incident data to help adjust organization risk

 Week -2 Attendance Assignment | 4

outcomes. Past incident reviews teach new ways to lower organization risks

that help create an ongoing improvement process.

3. Evaluating Security Solutions:

To prevent ransomware and similar threats NLC Ltd requires security solutions

which need testing against particular weakness:

 Intrusion Prevention Systems (IPS): IPS stops network attacks but the system

needs additional protection to handle weak passwords. Adding secure

password requirements and using multiple verification methods together will

protect users better.

 Firewalls: The main job of firewalls is to watch and limit what goes in and out

through network connections. Besides firewall protection they cannot check if

remote clients work with the latest updates. To meet security needs NLC Ltd.

should set up security systems to test remote devices for compliance before

they access the network.

 Comprehensive Security Measures: Ransomware protection needs backup

from anti-malware tools plus email filters plus employee security training.

When employees know about phishing methods they can protect the business

from harmful emails that contain ransomware.

 Week -2 Attendance Assignment | 5

Conclusion:

NLC Ltd. can improve ransomware attack resilience through combined analysis

of threat data and real-world feedback plus strong action plans and monitored security system

outcomes. A proactive security approach alongside ongoing observation and enhancement will

maintain our IT system security against current and future threats.

 Week -2 Attendance Assignment | 6

References

 National Institute of Standards and Technology (NIST). (2022). Cybersecurity

Framework.

o Retrieved from https://www.nist.gov/cyberframework

 Whitman, M. E., & Mattord, H. J. (2018). Principles of Information Security (6th ed.).

Cengage Learning.

o Retrieved from https://www.cengage.com/

 Kim, D., & Solomon, M. G. (2018). Fundamentals of Information Systems Security (3rd

ed.). Jones & Bartlett Learning.

o Retrieved from

http://ndl.ethernet.edu.et/bitstream/123456789/35765/1/Fundamentals%20of

%20information%20systems%20security.pdf