Pages:
4 pages/≈1100 words
Sources:
8 Sources
Style:
APA
Subject:
Technology
Type:
Coursework
Language:
English (U.S.)
Document:
MS Word
Topic:

Module 1 Case: Information Security System Risk Management

Coursework Instructions:

Module 1 - Case
INFORMATION SECURITY SYSTEM RISK MANAGEMENT
Based on the reading materials in the background section and your own research, prepare a 4-7 page paper to describe the process of creating an information security risk management procedure. Your paper should be organized in the following way:
Identification, classification, and prioritization of information security risk
Control mechanisms that could be taken and the strategic options to mitigate and control information risk
Assignment Expectations
Your paper should provide a summary of your findings from the assigned materials and any good quality resources you can find. Please cite all sources and provide a reference list at the end of your paper. The following items will be assessed in particular:
Ability to consolidate ideas from reading materials.
Demonstration of your understanding of how to create an information security management process.
The ability to express your ideas clearly.
Module 1
Required Reading
Information security risk management process - (Please make sure all 211 slides appear when you open this file.)
Technology risk assessments key to protecting companies from information security threats (November 15, 2006), Business Wire.
Mann, L. (2010). Information Security & Risk Management. Retrieved on March 6, 2013, from http://www(dot)youtube(dot)com/watch?v=BHh3z7B_wvI
Krause, M. et al. (July 1, 2008). Information security management basics. Retrieved from http://www(dot)csoonline(dot)com/article/413965/information-security-management-the-basics?page=1
Information security handbook. Retrieved on March 3, 2013, from http://ithandbook(dot)ffiec(dot)gov/it-booklets/information-security.aspx
Amancei, C. (2011). Practical Methods for Information Security Risk Management. Informatica Economică, 15(1), 151-159.
Spears, J. & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-522.
Jones, A. (2007). A framework for the management of information security risks. BT technology journal, 25(1), 30-36.
Jourdan, Z., Rainer, R., Marshall, T., & Ford, F. (2010). An investigation of organizational information security risk analysis. Journal of Service Science, 3(2), 33-42.
Optional materials
All your devices can be hacked, Ted talk by Avi Rubin. Retrieved on March 18, 2013, from http://www(dot)youtube(dot)com/watch?v=metkEeZvHTg.
Security online training - mitigating threats
Krause, M. et al. (2008). Information security management: the basics. Retrieved on March 6, 2013, from http://www(dot)csoonline(dot)com/article/413965/information-security-management-the-basics?page=1
Armerding, T. (February 15, 2012) The 15 worst data security breaches of the 21st century. Retrieved on March 6, 2013, from http://www(dot)csoonline(dot)com/article/700263/the-15-worst-data-security-breaches-of-the-21st-century

Coursework Sample Content Preview:

Information Security System Risk Management
Introduction
Information is among the most vital components of any organization and is critical to its progress and performance. The nature, confidentiality, and validity of data and information are what give one organization an upper hand over another. Organizations face threats to their information from many directions. These can take the form of hackers, viruses, or denial-of-service (DoS) issues. It is therefore imperative that information is protected so as to safeguard its integrity. However, securing information through technical measures alone is not foolproof, since it leaves numerous vulnerabilities unaddressed. To this end, there are many things that can be done to arrive at the most relevant strategies or measures. The most evident and inevitable first step is to establish procedures and policies that adequately safeguard information. This paper provides a systematic breakdown of the steps involved in developing information security policies and processes.
Policies
Security policies constitute the most fundamental aspect of organizational cybersecurity. For a policy to be considered effective, it must adequately document what has to be done to safeguard not only the information but also the people in the organization. Such a policy therefore also has to contain guidelines on how members of staff operate their computer systems while at the workplace (Landess, 2003). As the first line of action, all personnel in charge of system and information security in the organization, such as database administrators, need to acknowledge that potential threats to their information exist. The same applies to the other stakeholders. User participation, according to Spears & Barki (2010), is also essential.
Once they acknowledge this fact, they should come up with ways to handle these threats, either as a diagnostic measure or as a preventive one. Setting up a security policy depends on three critical factors: the level and type of threat in question, the size of the organization, and the resources that the organization has at its disposal to deal with the threat. Resources, in this case, will essentially be financial. It then calls for the coordination and participation of all the employees of the organization to identify and implement the necessary measures. This last aspect is important, as Krause (2008) notes that establishing the program is just one part; the crucial part is embedding the program's principles into the 'DNA' of the entity.
Identification
The identification process involves earmarking the critical assets of the organization as well as identifying the threats and weaknesses in the organization's systems. Identifying the organization's assets includes compiling a list of all the physical aspects of the organization's information system. These include routers, the type of information moving through its networks, its servers and their locations, as well as the...