Information Security Program - Security Risk Assessment and Audit

Herold k.

Order the writing of a tailor-made Educational studies Case study

Free quote online

Case study Format .doc

Information Security Program - Security Risk Assessment and Audit

Download

Read an extract

Themes

Information Security Program, Security Risk Assessment and Audit

Reader
Abstract
Contents
Extract

Abstract

An information security program is one of the fundamental aspects of security management that must be properly implemented to ensure that information within the computer systems are appropriately protected (Krause & Tipton, 2007). Threats to information systems include unauthorized access and use, disclosure, modification or even destruction (Dexter, 2002).

Information confidentiality is maintained by preventing unauthorized persons from accessing vital system information. Integrity handles an aspect that prevents that information from being manipulated by other external sources. Data should also be available for use when required by the relevant parties and not hoarded by other system resources. It is thus fundamental to protect these aspects of data in order to ensure that information within an organization is secure.

In order to ensure appropriate security management of information within an organization it is vital that the mission statement and the charter be defined for reference (Deswarte, Cuppens & Jajodia, 2004). The mission statement outlines the overall goals that the information security program within the organization seeks to achieve and provides guidelines necessary for strategic direction. The charter on the other hand avails provisions for the precise rights and civil liberties granted to the security team members from the organization.

Implementation of an Information Security Program
Justification for use of a security metrics program
Differences between a Security Risk Assessment and Security Audit
Project Scopes and objectives
Risk Analysis
Monitoring and Implementation
Challenges of creating a security Metrics Program

Get this table of contents for free after login.

Extract

[...] Staff should then be encouraged to participate directly in the implementation of these recommendations through a process that allocated training and sufficient resources for their use (Boyce & Jennings, 2002). Management should also set up an efficient monitoring and follow up system that ensures that the recommendations that were provided have been properly implemented. Some of the follow up actions include reviewing the implementation plans, documentation and time frames for planned actions. Determining why some of the actions that had been recommended were not implemented is also fundamental to the process of security management (Blokdijk & Menken, 2008). [...]

[...] This includes a description of some actions which range from acceptable risk in some low risk threats to reduction, avoidance or transfer of liability of those risks to third parties. Hence in the case of a virus, the description for such a risk would include avoidance of the risk through the installation of a fully functional anti-virus into the computer systems (Adams & Lloyd, 1999) Safeguards Safeguards should also be identified and evaluated for effectiveness so as to mitigate the possible effects of threats and vulnerabilities. [...]

[...] (2004). Information Security Management, Education and Privacy. Springer. Ryan, J. (2001). A Practical Guide to the Right VPN remedy. Applied Technologies developed Group Inc. [...]

[...] The scope of a security risk assessment may include the organization's connection of its internal network with the internet. The objectives of the learning have to be listed to allow understanding of which aspects of this connection that requires assessment. In this case, it may be the identification of the security protection mechanisms that the organization has in place that govern its connection with the internet Background information Background information into the organization is relevant because it allows the assessment to be carried out in context of the organization's activities (Sennewald, 2011). [...]

[...] As such, it provides a basis for expectations evaluation of changes completed in IT security measures allowing for continuity (Dexter, 2002) Security Audit A security audit is a cyclic check process that is conducted in the organization from time to time (Snedaker & McCrie, 2011). It is often undertaken to ascertain whether the appropriate security measures have been implemented. Security measures should be implemented according to policy hence it only through an audit that the knowledge of this aspect is made possible. A security audit can be divided to handle certain sections of security management at a time (Snedaker & McCrie, 2011). [...]

doc