Risk management - security

Topics: Risk management, Risk, Security Pages: 2 (818 words) Published: February 23, 2015
Tutorial and Lab 4 – SD3043
Risk management - security

1. What is risk management?
Answer: Risk management is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be controlled or mitigated.

2. List and describe the key areas of concern for risk management. Answer: Risk identification, risk assessment, and risk control.

3. Which community of interest usually provides the resources used when undertaking information asset risk management? Answer: The resources used when undertaking information asset risk management is usually provided by all three communities: Information Security, Information Technology and General Management.

4. In risk management strategies, why must periodic review be a part of the process? Answer: Periodic reviews must be a part of the risk management strategies because threats are constantly changing for a company. Also once any specific vulnerability is completely managed by an existing control it no longer needs to be considered for additional controls.

5. Why do networking components need more examination from an information security perspective than from a systems development perspective? Answer: Networking components need more examination from an information security perspective than from a systems development perspective because networking subsystems are often the focal point of attacks against the system.

6. What value would an automated asset inventory system have for the risk identification process? Answer: An automated asset inventory system would be valuable to the risk identification process because all hardware components are already identified – models, make and locations – thus management can review for the most critical items and assess the values.

7. How many categories should a data classification scheme include? Why? Answer: An organization would need as many categories as necessary to include all of it’s need to treat different...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Risk Management in Information Technology Security Essay
  • Risk Management Essay
  • Questions on Risk Management Controls Essay
  • Applying Risk Management Essay
  • Security Essay
  • Chapter 4 Risk Management Essay
  • Essay about Security Monitoring Activities
  • CMGT 582 Week 3 Risk Management Paper 1

Become a StudyMode Member

Sign Up - It's Free