Question
The importance of managing risk cannot be over emphasized. There is no such thing as having a 100% solution to securing your network. Given the fact that no organization has an unlimited amount of money and personnel that they can apply to securing the network, there is a level of risk that must be accepted. This is a balance of the type and sensitivity of the information being secured and the amount of resources available to apply to securing it.
1. Identify and discuss the three primary areas of information security risk management.
2. Since we must apply resources to each, what is the value that each brings to the organization’s successful security implementation?
Explanation / Answer
Answer-1. Information security is key to the success of any organization. Safeguarding sensitive information is a critical need, as any information related to the organization or business carries risk. Thus risk management is necessary. The cost associated with information security risk management also needs to be critically understood, as every organization holds a limited budget for information security. Thus a balance between the budget and the risk management is necessary.
The 3 primary areas of information security risk management are as follows:
1. Vulnerability: This is an important factor, as vulnerability in information security leads to harmful results for any organization. It covers how vulnerable the information system is and how access is managed for end users. The risk should be managed so that critical information is only accessible by authorised personnel. Information sharing should also be done with authorised persons only.
2. Impact: This is also an important factor, as it determines what the impacts of an information security breach are. The analysis is done for the impacts on the organization, and the individual impacts are also considered here. The owner of the information is the primary factor in the impact analysis.
3. Risk Acceptance: In this area, the risk acceptance is identified: what types of potential risks exist in the information system, and what level of risk can be accepted by the organization. Information management should be aligned with the information classification. For example: information classified as "internal" should only be accessible by persons within the organization and can be shared only internally.
Answer-2. The resources applied to information security risk management are as follows:
The Information Security Officer: The information security officer is the single point of contact in case of any information security issue. He is responsible for the information classification guidelines of the organization. Information security is also managed by him, and the information access guidelines are also determined by him. Thus he is the most valuable person in the organization with regard to information security.
Network Administrator: The network administrator is also an important person, who manages network access in the organization. Harmful sites can be prevented from being accessed at the very initial level. The firewall rules, which decide the sites that can be accessed, are set by him.
Security Managers: The security manager is responsible for the effective execution of information security rules and laws. He ensures that no information security breaches happen.