Pages:
3 pages/≈825 words
Sources:
5 Sources
Style:
APA
Subject:
Technology
Type:
Case Study
Language:
English (U.S.)
Document:
MS Word
Topic:

ITM527 MOD1: How to Systematically Conduct Risk Assessments of Information System Security Risks?

Case Study Instructions:

Module 1 - Case
Risk Assessment
Assignment Overview
Information Systems have become the foundational platforms for many organizations and businesses to carry out their missions and business functions. Hence, managing the security risk related to the use and operation of the information systems has also become a critical component of managing organizational risks. The following article provides an overview of managing information security risk, especially from the managerial perspective.
NIST (2011), "Managing Information Security Risk -- Organization, Mission and Information System View," National Institute of Standards and Technology Special Publication 800-39.
Effective risk management of information system security first requires systematic risk assessment. The following article provides frameworks, fundamentals, and processes for risk assessment. Matrices are also suggested to guide detailed risk assessment of threats, their likelihood, their impacts, etc.
NIST (2011). Information Security -- Guide for Conducting Risk Assessments. National Institute of Standards and Technology Special Publication 800-30 Revision 1.
The following chapter in the Handbook of Information Security Management also covers similar topics, such as the risk assessment of threats and likelihood, qualitative and quantitative considerations of risk assessment, and even some accounting methods. Although it uses slightly different terminology, the fundamentals and methods are similar.
Ozier, W. Section 3-1—Risk Analysis. Handbook of Information Security Management.
Case Assignment
After reading the above articles (the first two are lengthy documents; please read the important content selectively rather than word by word), please write a 3-5 page paper titled:
"How to Systematically Conduct Risk Assessments of Information System Security Risks? -- Fundamentals and Methods" 
Assignment Expectations
Please address the following issues in your paper:
1. The importance of risk management for information system security
2. The principles and fundamentals of risk management of information system security
3. The importance and fundamentals of risk assessment of information system security
4. The methods of risk assessment, including processes, matrices, calculations, etc.
5. The challenges and solutions to risk assessments that are particularly interesting to you
Please use original writing (No Plagiarism)
Please use American URLs that can be easily verified on the web on the reference page.
Please include the page numbers in the in-text references; APA style.
Read the background material in the attachment titled Background

Case Study Sample Content Preview:

How to Systematically Conduct Risk Assessments of Information System Security Risks? - Fundamentals and Methods
Name
Institution
How to Systematically Conduct Risk Assessments of Information System Security Risks? - Fundamentals and Methods
Risk management for information system security is important in dealing with uncertainties with regard to the confidentiality, integrity, and/or availability of an information system. In this way, managing risks is an effective way of protecting and securing the mission, as well as the assets, of an organization. When an organization understands the risk, especially the specific risks that can affect it, it can secure the system in proportion to its value to the firm. Failure to manage risks can cause an organization to experience information security threats that can prevent it from reaching its objectives (Joint Task Force Transformation Initiative, 2011, p. 1).
The principles and fundamentals of risk management for information system security are framing the risk, assessing the risk, responding to the risk, and monitoring the risk. Framing the risk requires the organization to come up with a risk management strategy. The organization has to identify the risk assumptions, such as expectations of threats, consequences, or vulnerabilities of the risk. Framing also requires risk constraints, such as limitations while assessing the risk, and the organization has to frame its risk tolerance, such as the levels and types of risks. Finally, there is a need to check for priorities and tradeoffs in order to determine which risks to highlight or prioritize (Joint Task Force Transformation Initiative, 2011, p. 6). Assessing the risk aims to identify the threats, the vulnerabilities both internal and external, and the harm that the organization may experience, and also to assess the likelihood that the harm may actually occur. Responding to the risk offers an organization a chance to develop alternative ways of dealing with the risk, evaluate these alternatives, determine the most appropriate course of action, and then implement the risk response based on the selected alternative. Monitoring the risk means verifying that the implemented response measures offer satisfying results and ensuring that the changes to the information system have a positive impact (Joint Task Force Transformation Initiative, 2011, p. 7).
The importance of risk assessment is that it allows an organization to identify, approximate, and even prioritize risk in its operations. The fundamentals of risk assessment are, first, the identification of threats, such as threats to human resources, operations, or assets; threats can also be directed through one organization to cause harm to another. The management and decision makers recognize the relevant threats to the system and develop appropriate measures. Risk assessment also focuses on internal and external vulnerabilities that have the potential to distract or prevent an organization from reaching its objectives. It also checks the harm or negative impact that is likely to happen if the identified threats exploit the vulnerabilities. Finally, risk assessment recognizes the likelihood that this harm will happen. The result of this is the determination of the risk mainly ...