Basic principles of information security - risk management

Risk Management

Security is everyone's responsibility. Security awareness poster. U.S. Department of Commerce/Office of Security.

A complete treatment of the topic of risk management is beyond the scope of this article. We will, however, provide a useful definition of risk management, outline a commonly used process for risk management, and define some basic terminology.

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to a suitable level, based on the value of the information resource to the organization."

There are two things in this definition that may need some explanation. First, the process of risk management is an ongoing, iterative process. It must be repeated without letting up. The business environment is continuously changing and new threats and vulnerabilities emerge every day. Second, the choice of countermeasures (controls) used to manage risks has to strike a balance between efficiency, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

Risk is the probability that something bad will occur that causes damage to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man-made or act of nature) that has the potential to cause harm.

The probability that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of integrity, confidentiality, availability, and possibly other losses (loss of life, lost income, and loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.

A risk assessment is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or, where reliable dollar figures and historical information are available, the analysis may use quantitative analysis.

The ISO/IEC 27002:2005 Code of practice for information security management recommends that the following be examined during a risk assessment:

  • security policy,
  • organization of information security,
  • asset management,
  • human resources security,
  • physical and environmental security,
  • communications and operations management,
  • access control,
  • information systems acquisition, development and maintenance,
  • information security incident management,
  • business continuity management, and
  • regulatory compliance.

In broad terms, the risk management process consists of:

1.   Identify assets and estimate their value. Include: buildings, people, software, hardware, data (print, electronic, other), and supplies.

2.   Conduct a threat assessment. Include: acts of nature, accidents, acts of war, malicious acts originating from inside or outside the organization.

3.   Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.

4.   Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.

5.   Identify, select and implement appropriate controls. Provide a proportional response. Consider efficiency, cost effectiveness, and value of the asset.

6.   Evaluate the effectiveness of the control measures. Ensure the controls provide

For any given risk, executive management can choose to accept the risk based upon the relatively low value of the asset, the relatively low frequency of occurrence, and the relatively low impact on the business. Or, management may choose to mitigate the risk by selecting and implementing appropriate control measures to reduce the risk. In some cases, the risk can be transferred to another business by buying insurance or outsourcing to another business. The reality of some risks may be disputed. In such cases leadership may choose to deny the risk. This is itself a potential risk.
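The quantitative path through the steps above and the accept / mitigate / transfer choice can be worked through on a small risk register. This is an added example, not part of the original article; the assets, dollar figures, probabilities, the acceptance threshold and the decision rule (mitigate only when the control costs less than the loss it prevents) are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Scenario:
    asset: str
    asset_value: float        # step 1: estimated value, dollars
    threat: str               # step 2: identified threat
    probability: float        # step 3: yearly chance the vulnerability is exploited
    impact_fraction: float    # step 4: share of asset value lost per occurrence
    control_cost: float       # step 5: yearly cost of the candidate control
    probability_after: float  # step 5: yearly chance with the control in place

def expected_loss(s: Scenario, probability: float) -> float:
    """Yearly expected loss in dollars: value x impact x probability."""
    return round(s.asset_value * s.impact_fraction * probability, 2)

def treat(s: Scenario, accept_below: float) -> tuple[str, float]:
    """Return (decision, yearly expected loss left after the decision).

    For "transfer" the figure is the exposure to insure or outsource.
    """
    before = expected_loss(s, s.probability)
    if before <= accept_below:
        return "accept", before            # low value, low frequency, low impact
    residual = expected_loss(s, s.probability_after)
    if s.control_cost < before - residual:
        return "mitigate", residual        # control pays for itself; residual risk remains
    return "transfer", before              # control costs more than the loss it prevents

# Constructed sample register (all values are illustrative assumptions).
REGISTER = [
    Scenario("customer database", 500_000, "malicious outsider", 0.10, 0.4, 5_000, 0.02),
    Scenario("office printer", 2_000, "accident", 0.20, 0.5, 300, 0.05),
    Scenario("data centre building", 2_000_000, "act of nature", 0.01, 0.5, 30_000, 0.005),
]

def run_register(accept_below: float = 1_000.0):
    """Apply the treatment rule to every scenario in the register."""
    return [(s.asset, *treat(s, accept_below)) for s in REGISTER]

if __name__ == "__main__":
    for asset, decision, remaining in run_register():
        print(f"{asset:22} {decision:9} {remaining:>10,.2f}")
```

Even the mitigated scenario keeps a non-zero figure: that remainder is the residual risk described earlier.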

