Isc363 Phase 3
Assignment 6: Case Study Phase 3
Jerry Cunningham
Professor Tannoury
ISSC363 B001 SPRING 15
PHASE 3: The level of security can determine the rise and fall of any organization, no matter how big or small the company may seem, so mitigating risk should always be the number one priority. Risk mitigation can be define as the process of implementing any form strategic actions that will reduce the level of threats that may cause financial hardship towards the organization. In addition, risk mitigation tracks, identify and evaluation all form of risk, including new and old. The focus of risk mitigation is to assist the organization’s department of security administration with identifying a list of potential problems that …show more content…
I was able to justify my reasoning by evaluating the total time it would have taken me to calculate the total cost; highlight any areas that show the likelihood of any form of risk occurring in the near future. Reducing any changes and the impact of risk is extremely vital and should be considered more vital to business, than losing capital when a risk has occurred. For businesses, the primary goal is to alleviate as much risk as possible and develop before addressing your business process. For this purpose, According to Walsh (20014), “There are a total of 9 steps that should be utilized when performing after conducting a Risk Assessment; characterization, threat identification, vulnerability identification, control analysis, likelihood of exploitation, impact, risk determination, recommendations for control, and results” (Walsh, 2014).
As we progress forward, a few specific requirements such as software and data, information and hardware must be obtained in order to identify the type of system needed. The collected information is vital when determining the type of classifications and what is needed to insure the items or information is being secured. When it comes to threat identification, are level of threats is categorize …show more content…
Information will be easy obtained and backed up every three to four hours. Organization will conduct a monthly drill to test their level of security and the ability to become fully mission ready within 12 hours. Restrictive policies should be in place to prevent the use of personal devices on the organizations’ computers
References
Gibson, D. (2010). Managing Risk in Information Systems. Sudbury, MA. Jones & Bartlett Learning. ISBN: 978-0-7637-9187-2
Ready. (2014, January 28). Risk Assessment Sources. Retrieved from http://www.ready.gov/risk-assessment
Risk Management Plan Template. (2014, November 12). Retrieved from http://www.projectmanagementdocs.com/project-planning-templates/risk-management-plan.html
Sims, S. (2015). Qualitative vs. Quantitative Risk Assessment. Retrieved from http://www.sans.edu/research/leadership-laboratory/article/risk-assessment
The Federal Highway Administration’s Office. (2015, May). 5. Risk Mitigation and Planning - Risk Assessment and Allocation for Highway Construction Management | Office of International Programs | FHWA. Retrieved from http://international.fhwa.dot.gov/riskassess/risk_hcm06
United States General Accounting Office. (1999, November 19). Information Security Risk Assessment. Retrieved from
Jerry Cunningham
Professor Tannoury
ISSC363 B001 SPRING 15
PHASE 3: The level of security can determine the rise and fall of any organization, no matter how big or small the company may seem, so mitigating risk should always be the number one priority. Risk mitigation can be define as the process of implementing any form strategic actions that will reduce the level of threats that may cause financial hardship towards the organization. In addition, risk mitigation tracks, identify and evaluation all form of risk, including new and old. The focus of risk mitigation is to assist the organization’s department of security administration with identifying a list of potential problems that …show more content…
I was able to justify my reasoning by evaluating the total time it would have taken me to calculate the total cost; highlight any areas that show the likelihood of any form of risk occurring in the near future. Reducing any changes and the impact of risk is extremely vital and should be considered more vital to business, than losing capital when a risk has occurred. For businesses, the primary goal is to alleviate as much risk as possible and develop before addressing your business process. For this purpose, According to Walsh (20014), “There are a total of 9 steps that should be utilized when performing after conducting a Risk Assessment; characterization, threat identification, vulnerability identification, control analysis, likelihood of exploitation, impact, risk determination, recommendations for control, and results” (Walsh, 2014).
As we progress forward, a few specific requirements such as software and data, information and hardware must be obtained in order to identify the type of system needed. The collected information is vital when determining the type of classifications and what is needed to insure the items or information is being secured. When it comes to threat identification, are level of threats is categorize …show more content…
Information will be easy obtained and backed up every three to four hours. Organization will conduct a monthly drill to test their level of security and the ability to become fully mission ready within 12 hours. Restrictive policies should be in place to prevent the use of personal devices on the organizations’ computers
References
Gibson, D. (2010). Managing Risk in Information Systems. Sudbury, MA. Jones & Bartlett Learning. ISBN: 978-0-7637-9187-2
Ready. (2014, January 28). Risk Assessment Sources. Retrieved from http://www.ready.gov/risk-assessment
Risk Management Plan Template. (2014, November 12). Retrieved from http://www.projectmanagementdocs.com/project-planning-templates/risk-management-plan.html
Sims, S. (2015). Qualitative vs. Quantitative Risk Assessment. Retrieved from http://www.sans.edu/research/leadership-laboratory/article/risk-assessment
The Federal Highway Administration’s Office. (2015, May). 5. Risk Mitigation and Planning - Risk Assessment and Allocation for Highway Construction Management | Office of International Programs | FHWA. Retrieved from http://international.fhwa.dot.gov/riskassess/risk_hcm06
United States General Accounting Office. (1999, November 19). Information Security Risk Assessment. Retrieved from