Enterprise Information Security Risk Analysis


Added on  2020-05-11

Summary of Article
A Two-Phase Quantitative Methodology for Enterprise Information Security Risk Analysis

Summary: An enterprise information system supports and improves the functions of the enterprise as a whole. The computer networks it runs on are, however, exposed to every kind of security risk and threat (Bhattacharjee et al., 2012). Such attacks and threats can be mitigated by systematic approaches and strategies.

Several methodologies exist for analysing information security risks and threats (Jerman-Blazic, 2012). The first is the OCTAVE method, which lets an organization make decisions based on the confidentiality, integrity and availability of its IT assets. The second is the Ten Step Process, whose steps include identifying and prioritizing threats, calculating the risk factors, identifying and ranking safeguards, and preparing the risk analysis report (Peltier, 2013). The third is the FRAAP method, which identifies threats in terms of their effect on business processes. Three tools for information security risk analysis are COBRA, CORAS and CRAMM.

A method for information security risk analysis must address several requirements (Jerman-Blazic, 2012). The confidentiality requirement is the protection of information from unauthorized disclosure, and the integrity requirement is the protection of its accuracy from unauthorized modification. The availability requirement ensures that information is accessible to authorized users when they need it. Authenticity is the verification that information is genuine and comes from its claimed source, while non-repudiation is the ability to prevent a party from later denying that it sent or received information (Laudon & Laudon, 2016). Loss impact is the consequence to the enterprise if a particular asset is compromised or lost, and the legal and contractual requirement is the set of obligations that the organization has committed to fulfil.

Two approaches are proposed for securing the information, data and services of an enterprise; both also help to recognize the threats and risks present in the information system. The first is the consolidated approach, which computes a single risk factor value for a particular asset and classifies that asset as low, medium or high risk (Bhattacharjee et al., 2012). The second is the detailed approach, which not only computes the risk factor but also identifies the particular threat-vulnerability pair that produced the risk.

An enterprise information system helps to improve the functions of business processes, and risks and threats are associated with that system. Various methods are present to identify and
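The consolidated and detailed approaches described above, as an added worked example that is not code from the summarized paper or from this summary: phase one computes a single risk value per asset and bands it low, medium or high; phase two ranks the threat-vulnerability pairs behind that value so the pair driving the classification is named rather than hidden in the total. The risk formula (asset value x likelihood x severity), the band thresholds and the asset inventory are all assumptions constructed for this illustration; the page does not reproduce the paper's own weights or scales.

```python
"""Two-phase quantitative risk analysis: a consolidated per-asset risk
value banded low/medium/high, then a detailed pass that names the
threat-vulnerability pairs behind the value.

Added illustration, not code from the summarized paper. The risk formula
(asset value x likelihood x severity), the band thresholds and the asset
inventory below are assumptions constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Exposure:
    """One threat-vulnerability pair affecting an asset."""
    threat: str
    vulnerability: str
    likelihood: float  # assumed annual probability the threat exploits the vulnerability, 0..1
    severity: int      # assumed impact if it does, 1 (negligible) .. 5 (critical)


# Constructed sample inventory: asset name -> (asset value 1..5, exposures).
ASSETS: Dict[str, Tuple[int, List[Exposure]]] = {
    "customer-db": (5, [
        Exposure("external attacker", "unpatched SQL injection in web front end", 0.6, 5),
        Exposure("malicious insider", "shared DBA credentials", 0.2, 4),
        Exposure("hardware failure", "no off-site backup", 0.1, 3),
    ]),
    "intranet-wiki": (2, [
        Exposure("external attacker", "default admin password", 0.5, 3),
        Exposure("malware", "outdated browser plug-ins on clients", 0.3, 2),
    ]),
    "build-server": (4, [
        Exposure("supply-chain compromise", "unsigned third-party packages", 0.3, 5),
        Exposure("malicious insider", "world-writable CI scripts", 0.15, 4),
    ]),
}

# Assumed band thresholds on the consolidated value.
HIGH_THRESHOLD = 15.0
MEDIUM_THRESHOLD = 5.0


def pair_risk(asset_value: int, e: Exposure) -> float:
    """Risk contribution of a single threat-vulnerability pair (assumed formula)."""
    return asset_value * e.likelihood * e.severity


def consolidated_risk(asset: str) -> float:
    """Phase 1: one risk factor value per asset, summed over all of its pairs."""
    value, exposures = ASSETS[asset]
    return sum(pair_risk(value, e) for e in exposures)


def classify(risk: float) -> str:
    """Map the consolidated value to the low/medium/high classification."""
    if risk >= HIGH_THRESHOLD:
        return "high"
    if risk >= MEDIUM_THRESHOLD:
        return "medium"
    return "low"


def detailed_analysis(asset: str) -> List[Tuple[str, str, float]]:
    """Phase 2: rank an asset's threat-vulnerability pairs by contribution, so the
    pair that drives the classification is identified, not just the total."""
    value, exposures = ASSETS[asset]
    ranked = [(e.threat, e.vulnerability, pair_risk(value, e)) for e in exposures]
    ranked.sort(key=lambda t: t[2], reverse=True)
    return ranked


def two_phase() -> Dict[str, dict]:
    """Run phase 1 for every asset and phase 2 only for assets not classified low,
    which is where the drill-down actually changes what gets remediated."""
    report: Dict[str, dict] = {}
    for asset in ASSETS:
        risk = consolidated_risk(asset)
        band = classify(risk)
        detail: Optional[List[Tuple[str, str, float]]] = (
            detailed_analysis(asset) if band != "low" else None
        )
        report[asset] = {"risk": risk, "band": band, "detail": detail}
    return report


if __name__ == "__main__":
    for asset, r in two_phase().items():
        print(f"{asset}: consolidated risk {r['risk']:.1f} -> {r['band']}")
        for threat, vuln, contribution in r["detail"] or []:
            print(f"    {contribution:5.1f}  {threat} via {vuln}")
```

With the constructed inventory the consolidated phase alone would tell a practitioner to look at customer-db first, but only the detailed phase shows that a single pair (SQL injection by an external attacker) accounts for most of that value, which is what decides where the safeguard budget goes.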