This report is the first draft of a three-part guidebook on IT security policy. It covers the benefits of a risk assessment procedure, how the GDPR and the ISO 31000 risk management standard apply to IT security, the impact of an IT security audit, and the alignment of IT security with organizational policy.
Running head: COMPUTER INFORMATION SYSTEM

COMPUTER INFORMATION SYSTEM
Name of the Student
Name of the University
Author Note:
Table of Contents
Introduction 2
Discussion 2
  Benefits of Risk Assessment Procedure 2
  General Data Protection Regulation (GDPR) 4
  ISO 31000 Risk Management 5
  Impact of IT Security Audit 5
  Alignment of IT security with organizational policy 7
Conclusion 8
Part 2 9
Part 3 10
Introduction

This report is written from the perspective of an IT security specialist working for a leading security consultancy who has been asked to produce a three-part guidebook. Security breaches at organizations of every size are now reported in the media almost daily. A security policy is a written document that sets out how an organization protects itself from threats. It covers system-based threats and the procedures to follow when an incident occurs. The policy must identify the organization's major assets and the potential threats to each of them, and it must be updated regularly.

The following pages explain the benefits of a risk assessment procedure, give an overview of how data protection regulation such as the GDPR and the ISO 31000 risk management standard can be applied to IT security, and discuss the impact an IT security audit has on the security of the organization. The last section deals with how IT security can be aligned with organizational policy.

Discussion

Benefits of Risk Assessment Procedure

A risk assessment helps an organization improve its overall security. Because it is an in-depth evaluation, it offers several benefits that are valuable for any organization.

Identification of security vulnerabilities: A risk assessment evaluates the organization's systems, taking into account both the internal and the external environment.
It identifies current security vulnerabilities and areas of non-compliance with the security policy. The result is a list of security problems with the highest-risk items highlighted, which is of direct benefit to the organization.

Understanding the security requirements: A complete understanding of the organization's weaknesses lets it determine which steps will remove those weaknesses and strengthen the system.

Justifying spending: The details of a risk assessment help the organization understand its overall financial exposure and calculate the cost of security improvements. Expressed as a long-term financial benefit, this justifies investment in security efforts.

Enhanced planning: An organization needs to understand its present risks in order to design its network architecture for the future. A risk assessment identifies the strengths and weaknesses of the network and provides valuable input to new security plans and policies.

Documentation of due diligence: A risk assessment, together with the remediation that follows it, validates the organization's effort to enforce proper security measures. It serves as evidence to insurers and business partners that the security policy required to protect data and the network is in place.

Educating employees: Beyond its direct security benefits, a risk assessment improves employee awareness of risks, security and countermeasures. As knowledge grows, so does overall efficiency.
Enhanced motivation: A risk assessment makes clear to the organization that the security of its employees is an important concern. A proper understanding of security risk improves employees' sense of motivation and the productivity of their teams.

Enhanced communication and decision-making: Because a risk assessment requires the involvement of many people, it starts conversations about security and the various risks involved. The detailed information it produces, including the major security threats, is made available to the whole organization on a single platform.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a legal framework that sets out guidelines for the collection and processing of the personal information of individuals living in the European Union. Regardless of where a website is hosted, the regulation must be heeded by any site that attracts European visitors. The GDPR requires that EU visitors be told what data is disclosed, and a site must consider every step needed to give EU consumers timely notification in the case of a personal data breach. The rule requires that visitors be fully informed about the data a site collects from them; consent is usually given by clicking an Agree button or a similar action. The regulation also mandates data security assessments and, in many cases, the appointment of a data protection officer. Visitors must be able to contact the relevant staff, including to have their presence on the site erased. The GDPR also affects data collected beyond customers: it applies equally to the records that human resources keeps on employees.
ISO 31000 Risk Management

Organizations that manage risk effectively are better able to protect themselves and to succeed and grow. The main challenge for any business is integrating good risk management practice into its daily operations, and this applies across every sector of organizational practice. ISO 31000 is the well-known international standard for risk management. It provides principles and guidelines that help the organization with risk assessment and risk analysis, and its benefits extend to management, planning and communication methods. Organizations around the globe already manage risk to some extent, so the international standard is regarded as a statement of best practice. Its recommendations were developed to improve management techniques that ensure overall safety and security in different workplaces. By applying the principles and guidelines of ISO 31000, an organization can improve its operational efficiency, governance and stakeholder confidence, and boost its health and safety performance. The standard also establishes a strong foundation for decision making and encourages management-level decisions in all areas.

Impact of IT Security Audit

An IT security audit requires an IT specialist to examine the current IT infrastructure, identifying the present strengths of the security arrangements and highlighting their vulnerabilities. Specialist tools are used to collect data from the different systems the business uses to carry out its day-to-day digital tasks. With the help of the audit, a
list of findings is compiled into an in-depth report covering the major aspects of the infrastructure, both where it is strong and where it is vulnerable. An IT security audit ensures that cyber-defences are updated as required and remain effective against hackers and associated criminals who would otherwise manipulate the system. Small businesses are frequent targets of cyber-criminals, who assume that a commercial entity holds cash reserves but is unlikely to have a sizable team or the level of resources needed for IT protection. With attention diverted elsewhere, an infiltration can easily spread through the business without any detection.

Internal security audits keep the organization's compliance programme on track and reduce the stress of formal audits. They are not only important but highly effective in analysing and fixing issues with the organization's policies and procedures. The focus is on understanding cyber-security weaknesses so that the organization is prepared against threats. An effective risk assessment prevents breaches and reduces the impact of those that do occur; its ultimate aim is to keep the organization's name out of the spotlight for the wrong reasons.

No two IT security risk assessments are the same. There are several ways of performing one, and the result depends on the method chosen. The usual steps are:

Identifying and recording asset vulnerabilities.
Identifying both kinds of threat, internal and external.
Analysing the potential impact on the business and its likelihood.
Prioritising and selecting the risk response.

Alignment of IT security with organizational policy

The alignment of corporate security with the business strategy of the organization is a key topic for many senior security professionals. Corporate security must be able to present a clear line of reasoning about how it delivers strategic action. Senior business executives have noted that organizations achieve better results when security takes a more strategic approach. Corporate security is both an operational and a strategic activity, and security policies that are better aligned with the business gain far greater acceptance among employees. Organizational policy is the procedure the organization follows to create more value across business units that operate independently. A functional strategy is a plan of action that improves the use of the organization's resources. Organizational alignment helps the various parts of the organization coordinate their activities and achieve integration; the alignment process links organizational goals, resources and culture. Alignment is a function of the security department and requires a clear understanding of the organization's strategy. The strategic planning process has three main steps: strategic analysis, strategy development and strategy deployment. The Balanced Scorecard (BSC) approach is an effective tool for understanding the security function and aligning it with the strategic objectives of the organization. The BSC is used to clarify and update strategy and to align functional
and individual goals with the strategy. It links strategic objectives to long-term targets and annual budgets, and it identifies and aligns the strategic initiatives whose performance review improves the overall strategy. The four perspectives of the BSC are finance, customer, internal process, and learning and growth.

Conclusion

From the above, it can be concluded that a security policy is an important aspect of any organization. A security policy highlights the key items that need to be protected and the potential threats to each of them. This report focuses on cyber-security and on threats that originate inside the organization, such as disloyal employees who may steal important information or release a virus on the organization's network. The security policy is also used to prevent outside attacks that could penetrate the system and result in data loss and, in the worst case, physical damage to systems. Once a threat has been identified, the likelihood of its occurrence must be determined, and the organization must focus on methods of preventing it. Certain policies provide strong physical security as a safeguard, and a plan is also needed for the actions to take when a threat actually materialises. Security policies must be circulated to every employee, and the whole data safeguarding process must be reviewed and updated regularly.
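The assessment steps listed under Impact of IT Security Audit (record asset vulnerabilities, classify threats as internal or external, analyse likelihood and business impact, then prioritise the risk response) carried through as a small risk register in Python. This is an added example and not part of the original report or of any standard: the 1-5 qualitative scales, the rating thresholds, the response wording and the register entries are all constructed for illustration and would be replaced by the organization's own risk appetite and audit findings.

```python
"""Constructed risk register illustrating the assessment steps:
record asset vulnerabilities, classify the threat source, score
likelihood x impact and prioritise the response.
All scales, thresholds and entries are assumptions for this example."""
from collections import Counter
from dataclasses import dataclass

# Qualitative 1-5 scales (assumed; not taken from any standard).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
SOURCES = {"internal", "external"}


@dataclass(frozen=True)
class Risk:
    asset: str
    vulnerability: str
    threat: str
    source: str       # "internal" or "external"
    likelihood: str   # key of LIKELIHOOD
    impact: str       # key of IMPACT


def validation_errors(risk: Risk) -> list:
    """Return the problems with one register entry (empty list if it is valid)."""
    errors = []
    if risk.source not in SOURCES:
        errors.append(f"{risk.asset}: unknown threat source {risk.source!r}")
    if risk.likelihood not in LIKELIHOOD:
        errors.append(f"{risk.asset}: unknown likelihood {risk.likelihood!r}")
    if risk.impact not in IMPACT:
        errors.append(f"{risk.asset}: unknown impact {risk.impact!r}")
    return errors


def score(risk: Risk) -> int:
    """Likelihood x impact, i.e. the cell of a 5x5 risk matrix (1..25)."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def rating(value: int) -> str:
    """Band a matrix score. Thresholds are an assumption set by risk appetite."""
    if value >= 15:
        return "critical"
    if value >= 8:
        return "high"
    if value >= 4:
        return "medium"
    return "low"


# Assumed mapping from rating to the kind of response expected.
RESPONSE = {
    "critical": "treat immediately: mitigate or avoid",
    "high": "treat within the current planning cycle",
    "medium": "treat or transfer; record the decision",
    "low": "accept and monitor",
}


@dataclass(frozen=True)
class Assessed:
    risk: Risk
    score: int
    rating: str
    response: str


def assess(risk: Risk) -> Assessed:
    s = score(risk)
    band = rating(s)
    return Assessed(risk, s, band, RESPONSE[band])


def prioritise(register: list) -> list:
    """Validate every entry, then order by score and, on ties, by impact (descending)."""
    problems = [e for r in register for e in validation_errors(r)]
    if problems:
        raise ValueError("; ".join(problems))
    return sorted((assess(r) for r in register),
                  key=lambda a: (-a.score, -IMPACT[a.risk.impact]))


def threats_by_source(register: list) -> dict:
    """Count internal versus external threats (the second assessment step)."""
    return dict(Counter(r.source for r in register))


# Constructed entries for a small business; not real audit findings.
REGISTER = [
    Risk("customer database", "unpatched DBMS", "remote exploitation", "external", "likely", "severe"),
    Risk("file server", "over-broad share permissions", "data copied by a disgruntled employee", "internal", "possible", "major"),
    Risk("staff laptops", "no full-disk encryption", "device lost or stolen", "external", "likely", "moderate"),
    Risk("office printer", "default admin password", "misuse by a visitor", "external", "unlikely", "minor"),
    Risk("intranet wiki", "outdated theme", "defacement", "external", "rare", "negligible"),
]

if __name__ == "__main__":
    for a in prioritise(REGISTER):
        print(f"{a.score:2d} {a.rating:8s} {a.risk.asset:18s} {a.response}")
    print(threats_by_source(REGISTER))
```

The tie-break on impact matters in practice: two risks with the same matrix score are not equal when one of them can cause a severe outcome, so the register should rank the higher-impact item first even though the product is identical.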
Part 2

A security policy has two main aspects: dealing with external threats, and reducing internal risk. For external threats the focus is on maintaining the integrity of the network; the second aspect is reducing risk through proper use of network-based resources. The following common-sense points apply to developing and implementing an acceptable use policy (AUP).

Identifying risk: Risk is best identified with the help of monitoring and reporting tools. Most vendors of firewalls and internet security products provide tools that evaluate network activity over a longer period.

Learning from others: There are many kinds of security policy, so it is worth looking at what other organizations do. Senior management can also talk to vendors' sales representatives.

Including staff in policy development: No organization wants a policy dictated from above. Staff members must be involved in defining acceptable use and kept informed about the rules being developed and the tools needed to implement them.

Updating the staff members: A security policy is a dynamic document, because the network it covers grows rapidly and databases are built and destroyed just as fast. Keeping the policy up to date is hard enough; open communication is the key to success.
Part 3

A stakeholder is anyone with an interest in the organization whose actions need to be analysed to understand the outcome of the business. A stakeholder does not necessarily hold equity: employees have a stake in the organization's success through their incentives, and business partners depend on that success for the ongoing supply chain. Each business takes a different approach to its stakeholders, and their roles and responsibilities differ between businesses. The most common setting is a publicly traded company with a board of directors comprising some of the highest-ranking executives, where any stakeholder has the power to disrupt a decision or introduce new ideas to the organization.

Addressing external threats is largely a matter of technology. Many technologies are available to reduce threats from the external network, including antivirus software, e-mail filters and other resources. A security policy is also needed to protect the organization from liability, which is possible only if inappropriate activity is recorded as a violation of the policy. Proper use of the network within the organization is a management problem, and it is addressed by implementing an acceptable use policy (AUP) as part of the employee regulations.