
Information Security Management

   

Added on  2023-04-21

18 Pages | 2519 Words | 467 Views
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of Student-
Name of University-
Author’s Note-
Table of Contents
1. Introduction
1.1 Introduction of case study and problems identified
1.2 Objectives
1.3 Role and Tasks assigned in the project
1.4 Project Timeline
1.5 Scope and Exclusions
2. Threat and Vulnerability Assessment
2.1 Introduction of threat and vulnerability
2.2 Threat and Vulnerability Table
2.2.1 Threats, threat agent, assets affected, vulnerabilities, impact of the threat, mitigation techniques, relevant security controls (ISO 27 K), resources/tools required, and cost of mitigation
3. Roles and Responsibilities
3.1 RACI Chart
3.1.1 List the activities
3.1.2 Allocate roles and responsibilities to personnel
4. SETA
4.1 Identify a threat that needs to be addressed
4.2 Draft a SETA program
5. Issue Specific Security Policy (ISSP) for a threat
5.1 Identify a threat that needs to be addressed
5.2 Create an ISSP
6. Plan of Action
6.1 GANTT Chart
6.1.1 WBS
6.1.2 Milestones
6.1.3 Schedules
6.1.4 Critical path
6.1.5 Allocate personnel
6.1.6 GANTT chart
7. Conclusion
7.1 Summary
7.2 Heat Map
Bibliography
1. Introduction
1.1 Introduction of case study and problems identified
The case study considered in this report is that of AD Health Network, a health service
organization headquartered in Abu Dhabi. The company has three main products: HNetPay,
HNetConnect, and HNetExchange. HNetExchange is the company's main source of revenue and is
used for handling secure electronic medical messages. HNetPay is used for bill payment, and
HNetConnect is the company's online directory, which lists doctors, clinics and other medical
facilities and helps AD Health Network attract customers.
The main issue found in the company's information system is the loss of data for various
reasons. The company faces insider threats, internet threats and data-loss threats, and it needs
an IS security risk management plan to mitigate them. Written from the position of Information
Technology Intern at the company, this report discusses a risk management plan that will help
to mitigate the risks associated with the company. The report contains a threat and
vulnerability matrix, a roles and responsibilities chart, and a SETA program and an ISSP for the
issues identified. An action plan is also to be prepared for carrying out the activities in the
company.
1.2 Objectives
The main objectives of this report are listed below:
To identify the threats and vulnerabilities related to the case study
To define the roles and responsibilities through a RACI chart