
Information Security and Risk Management

   

Added on  2023-04-19

Business continuity and disaster recovery plan

Bodin, L.D., Gordon, L.A. and Loeb, M.P., 2008. Information security and risk management. Communications of the ACM, 51(4), pp. 64-68.
Information security and risk management is chosen as the topic because a large number of firms and individuals face information-related challenges. Companies must have contingency planning in these areas in order to deal with such challenges. Information security has become one of the growing concerns of modern business.
The article shows that, with the increasing importance of information security, traditional security methods are no longer effective. It suggests three measures that capture different aspects of information security risk, and it proposes a methodology that helps management combine these different risk measures into a single composite metric, the perceived composite risk (PCR). For this the article uses the Analytic Hierarchy Process (AHP), which produces the weighting factors used to combine the risk measures into the PCR. The AHP helps the Chief Information Security Officer make decisions that keep the company ready for any kind of attack.
The three measures of loss selected in the article are the expected loss, the expected severe loss and the standard deviation of the loss. The expected loss is obtained by summing the products of each possible loss with its respective probability. The expected severe loss focuses on the breaches that bring the survival of the company to the brink; any company whose risk is $8 million or greater falls into the category where the survivability of the organisation is at risk. The standard deviation of loss, on the other hand, represents the dispersion around the expected loss.
These formulae are used to calculate the weights that go into designing the metric, which helps the organisation understand the areas it needs to work on in order to protect its information security.
Pairwise comparison of the three measures (AHP) and the resulting weights:

                            Expected Loss   Expected Severe Loss   Standard Deviation of Loss   Weights
Expected Loss E[X]          1               1                      2                            0.4
Expected Severe Loss        1               1                      2                            0.4
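The computation described above, as an added worked example in Python that is not part of the assignment or of the Bodin, Gordon and Loeb article: it evaluates the three loss measures on a constructed loss distribution, derives the AHP weights from the pairwise comparison table (the third row, for the standard deviation, is an assumption filled in by reciprocity because the preview cuts the table off), and combines the measures into one PCR value. Reading "expected severe loss" as the probability-weighted sum of the losses at or above the $8 million threshold, and using a weighted sum as the combination rule, are both assumptions made here rather than statements from the page.

```python
from math import sqrt

# Constructed loss distribution for one security posture: (loss in $ millions,
# probability of that loss in the planning period). Values are illustrative,
# not from the article.
LOSS_DISTRIBUTION = [
    (0.0, 0.70),
    (1.0, 0.15),
    (5.0, 0.10),
    (10.0, 0.04),
    (20.0, 0.01),
]

# Survivability threshold quoted in the summary: losses of $8 million or more.
SEVERE_THRESHOLD = 8.0

# AHP pairwise comparison matrix, rows and columns in the order
# [expected loss, expected severe loss, standard deviation of loss].
# The first two rows are the ones shown in the table; the third row is an
# assumption obtained by reciprocity (1/2, 1/2, 1).
PAIRWISE = [
    [1.0, 1.0, 2.0],
    [1.0, 1.0, 2.0],
    [0.5, 0.5, 1.0],
]


def _check_distribution(dist):
    """Reject a distribution whose probabilities are negative or do not sum to one."""
    total = sum(p for _, p in dist)
    if abs(total - 1.0) > 1e-9 or any(p < 0 for _, p in dist):
        raise ValueError(f"probabilities must be non-negative and sum to 1, got {total}")


def expected_loss(dist):
    """E[X]: the sum of each loss multiplied by its probability."""
    _check_distribution(dist)
    return sum(loss * p for loss, p in dist)


def expected_severe_loss(dist, threshold=SEVERE_THRESHOLD):
    """Probability-weighted sum of only the losses at or above the threshold
    (assumed reading of 'expected severe loss')."""
    _check_distribution(dist)
    return sum(loss * p for loss, p in dist if loss >= threshold)


def std_dev_of_loss(dist):
    """Dispersion of the loss around its expected value."""
    mean = expected_loss(dist)
    variance = sum(p * (loss - mean) ** 2 for loss, p in dist)
    return sqrt(variance)


def ahp_weights(matrix):
    """Priority vector by column normalisation and row averaging, the usual
    approximation of the AHP principal eigenvector."""
    n = len(matrix)
    col_sums = [sum(matrix[i][j] for i in range(n)) for j in range(n)]
    return [sum(matrix[i][j] / col_sums[j] for j in range(n)) / n for i in range(n)]


def perceived_composite_risk(dist, matrix=PAIRWISE, threshold=SEVERE_THRESHOLD):
    """Combine the three measures into a single number using the AHP weights
    (a weighted sum is assumed as the combination rule)."""
    measures = [
        expected_loss(dist),
        expected_severe_loss(dist, threshold),
        std_dev_of_loss(dist),
    ]
    weights = ahp_weights(matrix)
    return sum(m * w for m, w in zip(measures, weights))


if __name__ == "__main__":
    print("E[X]                 =", round(expected_loss(LOSS_DISTRIBUTION), 4))
    print("expected severe loss =", round(expected_severe_loss(LOSS_DISTRIBUTION), 4))
    print("std dev of loss      =", round(std_dev_of_loss(LOSS_DISTRIBUTION), 4))
    print("AHP weights          =", [round(w, 3) for w in ahp_weights(PAIRWISE)])
    print("PCR                  =", round(perceived_composite_risk(LOSS_DISTRIBUTION), 4))
```

Running the file prints the three measures, the weights 0.4 / 0.4 / 0.2 recovered from the comparison matrix, and the composite value. The probability check in `_check_distribution` is the sanity test a risk analyst wants before trusting any of the numbers: a loss table whose probabilities do not sum to one silently biases every measure, including the composite.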
