Prior to developing an information security plan, it is important to understand

Question

Prior to developing an information security plan, it is important to understand and evaluate potential security risks before formulating prevention strategies. For this assignment, you will continue the planning process by adding the Risk Assessment section to the Information Security Assurance Implementation Plan. You will analyze and perform a risk assessment of the organization’s information systems. You will also discuss the importance of security in the design of information systems. The project deliverables for Week 2 are as follows: Update the Information Security Assurance Implementation Plan title page with a new date. Update the previously completed sections based on the instructor's feedback. Risk Assessment Perform a risk assessment of the organization’s network management, server management, Web and non-Web applications, data management, and cloud computing. Identify the threat vulnerabilities, affected assets, impact, and possible countermeasures identified in the previous section. Discuss the importance of security in the design of information systems.

Explanation / Answer

Hi,

Below is the answer-

1. To Protect Data-
The key asset that a security program helps to protect is your data — and the value of your business is in its data. If the company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data. If your data management practices are not already covered by regulations, consider the value of the following:

Product information, including designs, plans, patent applications, source code, and drawings
Financial information, including market assessments and your company’s own financial records
Customer information, including confidential information you hold on behalf of customers or clients
Protecting your data means protecting its confidentiality, integrity, and availability as illustrated by the C-I-A triangle (Figure 1). The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill.

2. To protect Data confidentiality -
Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.

3. To protect Data Integrity-
A data integrity failure might result in a Trojan horse or any other virus being planted into the software, allowing an intruder to pass your corporate secrets on to your competitors. If an integrity failure affects your accounting records, you may no longer really know your company’s true financial status.

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.