Sunday, May 24, 2020

Essay Risk Management in Information Technology Security

IS3110 Risk Management in Information Technology Security
STUDENT COPY: Graded Assignments
© ITT Educational Services, Inc. All Rights Reserved. Change Date: 05/25/2011

Unit 1 Assignment 1: Application of Risk Management Techniques

Learning Objectives and Outcomes

You will be able to identify different risk management techniques for the seven domains of a typical IT infrastructure and apply them under different situations.

Assignment Requirements

Introduction: As discussed in this Unit, after IT professionals identify threat/vulnerability pairs and estimate the likelihood of their occurrence, IT management must decide which risk management techniques are appropriate to manage these risks. IT managers then present this…

…The remote production facilities connect to headquarters via routers, T-1 (1.54 mbps telecomm circuit) LAN connections provided by an external Internet service provider (ISP), and share an Internet connection through a firewall at headquarters. Individual sales personnel throughout the country connect to YieldMore’s network via virtual private network (VPN) software through their individual Internet connections, typically in a home office.

Tasks: Using the threat/vulnerability pairs, and considering the likelihood of occurrence for each identified by your small group earlier in the Unit, assume the role of an IT manager assigned by YieldMore’s senior management to conduct the following risk management tasks.

1. Analyze and explain each of the threat/vulnerability pairs and their likelihood of occurrence.
2. Determine which of the six risk management techniques is appropriate for each risk explained in Task 1.
3. Justify your reasoning for each chosen management technique.
4. Prepare a brief report or presentation of your findings for senior management to review.

Submission Requirements

Use the following guidelines to submit this assignment:

Format: Use a standard word processor or presentation format compatible with Microsoft Word or PowerPoint.
Font: Arial 10 point size
Line Spacing: Double
