To:Senior Management, JMZ Adventure Ecotours
From:IT Department, JMZ Adventure Ecotours
Re:Information Security Risk Assessment Findings
The IT department was recently given the task of performing an information security risk assessment in order to help guide management in prioritizing their approach to mitigating security risks for JMZ Adventure Ecotours. This memo will show the results of that analysis; identifying the greatest IT vulnerabilities and risks within the company, provide recommendations for mitigating the information security risks and provide recommendations regarding the overall information security program at JMZ. Information Security Impacts
Impacts are the [adverse] consequences on the individual, organization or community resulting from information security incidents: •Disruption to organizational routines and processes with consequent interruption to trading capabilities, loss of income, etc. •Direct financial losses through information theft and fraud, whether simply the “background noise” or exceptional and obvious in nature •Decrease in shareholder value because of negative impact on customer relations, lost sales, and decline in public confidence •Reputational damage causing lost customers, customer complaints and defection •Replacement costs for equipment and data damage, stolen, corrupted or lost in incidents •Reduced profitability, growth and bonuses caused by the background noise of security incidents, control costs and unspecified doubts about the effectiveness of security
Information Security Vulnerabilities
A flaw or weakness in a system’s security procedures, design, implementation or internal controls that could be exploited and result in a security breach, violation of the systems security policy or other impact. •Software bugs and design flaws, particularly those in mass-market software such as Windows and TCP/IP [usually exploited by hackers and other criminals] •Inadequate...