
ICT Risk Management Report 2022

   

Added on 2022-10-13

Running head: ICT RISK MANAGEMENT
ICT Risk Management
Name of the Student
Name of the University
Author’s Note:

Executive Summary
The main aim of this report is to examine information risk management by
considering one case scenario. IT security risks and threats, as well as the strategies
for risk management, have become one of the top priorities for digital
organizations. As a result, a proper risk management plan involves the
major procedures a company uses to identify or control threats to its digital assets, such as
proprietary corporate information, intellectual property and personally identifiable
information. A cyber risk management program prioritizes all the identified
threats by considering their likelihood of occurrence and coordinates efforts to
minimize, monitor or control the effects of the risks. Information technology
governance defines these cyber risks as events that could lead to data
breaches, operational disruption, reputational damage and financial losses
caused by the failure of technological processes and systems. The report demonstrates an
effective security plan and a training and awareness program for employees.

Table of Contents
1. Introduction
2. Discussion
2.1 Brief Description of Given Case Scenario
2.2 Identifying and Describing Organizational Holding at Threat
2.3 Identifying and Describing every Potential Security Risk to the Company
2.4 Designing a proper Security Plan after considering Details related to Effective Counter Measures to manage and address the Threats
2.5 Developing an Information Security Training as well as Awareness Programs for Staff
3. Conclusion
References

1. Introduction
Risk management is a significant procedure for the identification, assessment
and management of risks to an organization's earnings and capital. These risks can
stem from a broad range of sources, such as legal liabilities, accidents, errors in strategic
management and financial uncertainty (Biener, Eling and Wirfs 2015). Regulatory
compliance should be expanded to scrutinize organizational risk management plans and
policies. This is needed to ensure that the risk management plan is effective in
maintaining cyber security. An organization has decided to implement a training and
awareness programme for its employees so that the effect of cyber threats is reduced. This
report presents a security plan and different mitigation strategies for reducing
the effects of these cyber threats.
2. Discussion
2.1 Brief Description of Given Case Scenario
The management of a business organization has appointed a new head of its
existing security team to protect the informational holdings of the business. More
than one thousand employees work in this organization, which is housed in a
separate multi-storeyed building located in a central city. The
security team is responsible for protecting the informational holdings from any type of risk
or threat, and must treat information security as a top priority. The
team has also found that major areas such as the BCP, the DR plan and the
incident response plan are extremely weak in comparison to the type of data the
organization deals with. Furthermore, there is a chance of social engineering attacks, there are
issues with the security of passwords, and there is no employee awareness program to notify staff about
threats and vulnerabilities to data and assets.
