Defining Risk Management

By | May 2012
u02a1 Defining Risk Management
TS5312 - Security Risk Management
Due April 22, 2012 11:59 PM
To: Dr. Brett Miller

Craig Berry
Table of Contents
Project Management
Employee Monitoring
Federal Agencies

When a group of people or one person decides to go into business for themselves, they are taking a risk. A good business person will take the time to evaluate the risk involved, not only to understand what they are doing but also to show the stakeholders of the project what they are getting involved in. Since technology touches every aspect of modern life, and as time progresses will continue to touch even more of our lives, it is just as important to understand the risk that technology will play in the world. Risk management is considered one of the most important parts of the IT infrastructure in today's information highway. Poor planning can lead to the downfall of most organizations if they do not have a plan of action for dealing with risk. Simply put, the equation used is Threat × Vulnerability = Risk; going a step further, Threat × Vulnerability × Cost = Risk gives a value to the risk, making it much easier to see what is most important in an organization.

Reporting

System administrators and InfoSec personnel are responsible for making sure that computer systems work correctly out in the field and that the technology impacts the company in a positive way. Some experts would say that to accomplish this you must first have a good baseline. A baseline is a line serving as a basis, as for measurement, calculation, or location. Creating a baseline provides a way to compare and to distinguish improvements to the network from unproductive changes. One of the ways this can be accomplished is through reporting.

Maintaining system logs and audits is a great way of...

