Information Security Risk Assessment: Enhancing Organizational Protection and Resilience
Added on 2023/04/24
Running head: INFORMATION SECURITY RISK ASSESSMENT
INFORMATION SECURITY RISK ASSESSMENT
M811 TMA 02
Name of the Student
Name of the University
Author Note
Table of Contents
Part 1.....................................................................................................................................................2
Introduction...........................................................................................................................................2
Information security Risk assessment....................................................................................................2
Phase I—Business Awareness...........................................................................................................7
Phase II—Strategy Definition............................................................................................................7
Phase III—Strategy Development.....................................................................................................8
Phase IV—Metrics and Benchmarking..............................................................................................9
Phase V—Implementation and Operation.........................................................................................9
Conclusion...........................................................................................................................................10
Part 2...................................................................................................................................................11
References...........................................................................................................................................13
Part 1
Introduction
The aim of this report is to elaborate the risks that are likely to arise in information security management within the organization Moss Side and Hulme Community Development Trust. The organisation's main objective is to implement proper information security management that will help improve the working of its information system [1]. However, with time it becomes important to update the information security so that the chances of risk can be minimised. The assets associated with the organization are used to conduct the risk assessment; they are used to identify the risks, along with the threats and vulnerabilities that have the capability to affect the organization. The report will describe the need for risk assessment within the organization. Apart from this, the report will identify whether there is a need to have risk assessment strategies or not.
Information security Risk assessment
Each organization needs to have a proper risk assessment for its information security. This will help the organization overcome the problems faced by the organization and its employees. A proper systematic approach is required to manage the security assessment [2]. This will help in the effective management of the information security management system. Risk assessment helps in defining the information security risks quantitatively and enables the organization to mitigate these risks with immediate solutions [3]. It determines the information assets and the vulnerabilities that exist within the organization, and also helps in identifying the potential consequences. The stages associated with information security risk assessment include:
Identifying the assets related to the organization
[1] Millwater, H., Y-T. Wu, T. Torng, B. Thacker, D. Riha, and C. P. Leung. "Recent developments of the NESSUS probabilistic structural analysis computer program." (2017).
[2] Restivo, Emily, and Mark M. Lanier. "Measuring the contextual effects and mitigating factors of labeling theory." Justice Quarterly 32, no. 1 (2015): 116-141.
[3] Zhang, Dongpo. "Big data security and privacy protection." In 8th International Conference on Management and Computer Science (ICMCS 2018). Atlantis Press, 2018.
It becomes important to identify the assets related to the organization. Once the assets are properly identified, the impact related to the risks can be understood clearly. The organization first needs to understand which assets are significant for the company [4]. The assets that need to be maintained with the highest confidentiality, integrity and proper security need to be analysed properly. Information systems are the major building block of any organization; thus they need proper security. The organization may face physical security threats, and there are also chances that the system gets affected by viruses. Thus every employee of the organization needs to be trained in the proper maintenance of information security.
Identifying the vulnerabilities within the information system
The organization needs to identify the software that is most vulnerable to threats: the software that needs to be maintained with the highest confidentiality, availability and integrity, and the weaknesses and possible obstacles that are likely to affect the success rate of the organization. There are threats from unauthorized persons. Apart from this, it is identified that the organization Moss Side and Hulme Community Development Trust has major problems with assigning roles to its employees and informing them about the role of information security management in a proper way.
Identifying the threats related to the information system
This part helps in identifying the potential causes of harm to the assets related to the information system. The organization needs to identify the place where the data centre is located; this will help assess the risks associated with environmental threats [5]. It also establishes whether the organization's information systems are prone to threats or not. With the help of threat modeling, risks and threats related to the information system can be identified quickly.
Identifying the controls
[4] Haimes, Yacov Y. Risk modeling, assessment, and management. John Wiley & Sons, 2015.
[5] DeBusk, Robert F., Nancy Houston Miller, H. Robert Superko, Charles A. Dennis, Randal J. Thomas, Henry T. Lew, Walter E. Berger et al. "A case-management system for coronary risk factor modification after acute myocardial infarction." Annals of Internal Medicine 120, no. 9 (1994): 721-729.
This includes identifying the elements that are already in place to control the assessed risks. A control is designed to directly assess and identify the vulnerabilities that need to be fixed in the least amount of time. Once risks related to the organization are identified [6], the corresponding controls become active to overcome these issues.
Assessment
This process combines the information gathered from the assets and vulnerabilities, and helps in controlling the described risks. In order to maintain this assessment there are several frameworks that help in assessing the risks properly. One such approach is as follows:
Risk = (vulnerability x threat (exploit likelihood x exploit impact) x asset value) - security controls
However, this is the most simplified formula for calculating the risks.
Treatment for the risk identified
After the risk has been analysed within an organization it is important to select proper treatment options. These are as follows:
Remediation
This involves implementing a proper control that will fix nearly all of the underlying risk faced by the organization. For example, the organization may have identified a vulnerability on a server that is used for storing its most critical assets; in that case it is important to apply a fix for the identified vulnerability.
Mitigation
After analysing the risks associated with the organization it becomes important to mitigate the risk entirely so that the impact associated with the risk can be minimized [7]. In case the organization's
[6] Millwater, H., Y-T. Wu, T. Torng, B. Thacker, D. Riha, and C. P. Leung. "Recent developments of the NESSUS probabilistic structural analysis computer program." (2017).
[7] Soller, Jeffrey A., Sorina E. Eftim, and Sharon P. Nappier. "Direct potable reuse microbial risk assessment methodology: Sensitivity analysis and application to State log credit allocations." Water research 128 (2018): 286-292.
information system is vulnerable to unauthorized persons, it becomes important to implement a firewall and proper encryption methods.
Transference
Transference is the major way through which the risk associated with one entity of the organization can be recovered easily and transferred as soon as possible.
Risk acceptance
This option is used when the risk associated with the information system is predicted to be low and the time and effort needed to mitigate the risk are greater. Thus it becomes pointless to invest energy on such risks. For instance, the information system within the organization may not contain any crucial data, yet it still demands to be assessed for the vulnerabilities encountered; in that case there is no need to waste time on mitigating the risks.
Risk avoidance
This includes removing the risks that are identified within the organization. For example, an operating system may be identified as having reached end of life, so the system will not receive any further security patches. There are chances that the sensitive data stored within the organization may get harmed. Thus, in order to overcome such a situation, it becomes important to mitigate the risks.
Proper Communication strategy
Every organization needs to have a proper communication channel between the employees and the senior staff of the organization. This will not only inform them about the risks but also help in proper decision making. The organization needs to assess how information is shared within the organization. Proper awareness among the employees of the organization will help them understand the risks. Moreover, this will help to collect the best decisions from the employees, and effective solutions can be drawn from this. Apart from the employees, the stakeholders associated with the organization also need to discuss the decision and should also know about the costs incurred in
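The following is an added worked example, not code from the report or from Moss Side and Hulme Community Development Trust. It applies the report's simplified formula (Risk = (vulnerability x threat (exploit likelihood x exploit impact) x asset value) - security controls) to a small constructed risk register, maps each score to one of the five treatment options described above (remediation, mitigation, transference, acceptance, avoidance), and re-scores an item after new controls are implemented. The 1-to-5 scoring scales, the treatment thresholds, the `RiskItem` fields and every value in the sample register are assumptions made for this illustration.

```python
"""Risk register using the report's simplified formula and treatment options.

Scores follow the page's formula:
    Risk = (vulnerability x threat(exploit likelihood x exploit impact) x asset value) - security controls

The 1..5 scoring scales, the treatment thresholds and the sample register
below are assumptions constructed for this example, not figures from the report.
"""
from dataclasses import dataclass, replace

SCALE_MAX = 5        # assumed: every factor is scored 1 (lowest) to 5 (highest)
REMEDIATE_AT = 300   # assumed threshold: fix the underlying weakness now
ACCEPT_BELOW = 20    # assumed threshold: effort outweighs the risk, accept it


@dataclass(frozen=True)
class RiskItem:
    asset: str
    asset_value: int            # business value of the asset
    vulnerability: int          # severity of the identified weakness
    likelihood: int             # how likely the weakness is to be exploited
    impact: int                 # damage if it is exploited
    controls: int = 0           # reduction credited to security controls already in place
    end_of_life: bool = False   # no more security patches (the page's avoidance example)
    transferable: bool = False  # the risk can be handed to another party


def _check_scale(name: str, value: int) -> None:
    """Reject scores outside the assumed 1..SCALE_MAX range."""
    if not 1 <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be between 1 and {SCALE_MAX}, got {value}")


def threat_score(likelihood: int, impact: int) -> int:
    """threat = exploit likelihood x exploit impact."""
    _check_scale("likelihood", likelihood)
    _check_scale("impact", impact)
    return likelihood * impact


def risk_score(item: RiskItem) -> int:
    """Apply the page's formula; controls cannot push the score below zero."""
    _check_scale("asset_value", item.asset_value)
    _check_scale("vulnerability", item.vulnerability)
    raw = item.vulnerability * threat_score(item.likelihood, item.impact) * item.asset_value
    return max(raw - item.controls, 0)


def treatment(item: RiskItem) -> str:
    """Pick one of the page's five treatment options for the item."""
    score = risk_score(item)
    if item.end_of_life:
        return "avoid"          # remove the risk, e.g. retire the unsupported system
    if score < ACCEPT_BELOW:
        return "accept"         # low risk, mitigation effort is not worth it
    if item.transferable and score < REMEDIATE_AT:
        return "transfer"       # hand the risk to another entity
    if score >= REMEDIATE_AT:
        return "remediate"      # fix the underlying vulnerability
    return "mitigate"           # reduce the impact with additional controls


def prioritise(register):
    """Order the register by score, highest first, with the chosen treatment."""
    rows = [(item.asset, risk_score(item), treatment(item)) for item in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def reassess(item: RiskItem, added_controls: int) -> RiskItem:
    """'Rinse and repeat': re-score after new controls have been implemented."""
    return replace(item, controls=item.controls + added_controls)


# Constructed sample register (all values are illustrative assumptions).
FILE_SERVER = RiskItem("file server", asset_value=5, vulnerability=4, likelihood=4, impact=5, controls=10)
WEBSITE = RiskItem("public website", asset_value=3, vulnerability=3, likelihood=3, impact=3, controls=20)
LEGACY_WORKSTATION = RiskItem("legacy workstation", asset_value=2, vulnerability=5, likelihood=3, impact=3,
                              end_of_life=True)
PRINTER_LOG = RiskItem("printer log", asset_value=1, vulnerability=2, likelihood=2, impact=1)
PAYMENT_GATEWAY = RiskItem("payment gateway", asset_value=4, vulnerability=2, likelihood=2, impact=4,
                           controls=30, transferable=True)
REGISTER = [FILE_SERVER, WEBSITE, LEGACY_WORKSTATION, PRINTER_LOG, PAYMENT_GATEWAY]

if __name__ == "__main__":
    for asset, score, action in prioritise(REGISTER):
        print(f"{asset:20s} score={score:4d}  treatment={action}")
    print("file server after new controls:", treatment(reassess(FILE_SERVER, 350)))
```

Because the formula subtracts controls from a product, a well-controlled high-value asset can drop to a mitigate or accept band while a poorly controlled low-value one stays high, which is why the register is re-scored after each change rather than once; the end-of-life flag is checked first so that the avoidance option is chosen regardless of the numeric score.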
treating risks. Moreover, it becomes important to address the accountability and responsibility associated with individuals present within the organization.
Rinse and Repeat
Risk assessment related to the information system is an ongoing process. The controls associated with the implementation plan need to be kept under continuous monitoring. The system undergoes changes over time, which will help in identifying new risks.
Information security risk assessment strategy also ensures proper infrastructure protection. This includes a map that provides proper measures for protecting the goals of the organization. This is treated as one of the important parts of the organization's IT planning. Basically, information security risk assessments are done in order to have proper planning for the IT strategy. It becomes important to understand the requirements associated with the business conditions. Thus it also becomes important to organize the company's risk profile properly. This step includes identification of the current business plan and the conditions faced by the organization. The organization needs proper staffing with whom it will be able to succeed [8]. The strategy implemented should be capable of addressing the major requirements of the organization. There are several cases in which the organization has the ability to adopt proper business value that helps in the implementation of robust capabilities. The organization needs to understand the capabilities that will be able to focus on the minimum requirements. ERM implementation helps in managing the organization's risk profile. The methodology followed for the development of the security and risk management techniques used for the organization has been carried out in a number of phases. The phases followed for the risk management techniques within the organization are described below:
[8] Layton, Timothy P. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications, 2016.
Phase I—Business Awareness
In this phase of the risk assessment, the present business case of the organization was identified [9]. The risk profile of the organization was analysed and the need for risk mitigation was identified during this phase. It is very important that, while the risk management strategies of the organization are developed, the current business case of the organization is identified [10]. This provides information on whether the organization would be able to mitigate the identified risks or not. The strategy defined for the organization would be measured against the staff currently allocated to the organization. One of the key indicators is the financial aspect of the organization. The organization being considered here has a growth perspective, and its business values are derivable from the capabilities of the organization, which are robust.
During the consideration of the risk assessment techniques used by the organization, the vital data points which are generally misunderstood are to be considered. The main goal during the derivation of the risk management strategy was complementing the business goals of the organization while maintaining the risk management and security levels of the organization [11]. Alignment of the risk assessment with the risk profile of the organization helps the business leadership of the organization to be confident that the risk strategy of the system is business oriented and does not enforce any external requirement on the business of the organization. The common mistake of developing the strategy on the future budget of the business has not been made in this case; rather, the actual budget of the organization has been considered.
Phase II—Strategy Definition
After the business awareness phase, the strategy was defined for the business of the organization. The strategy includes an annual plan for the organization, which is then followed by a three-year plan for the business. The point of arrival of the plan is based on the capabilities defined by
[9] Yacoub, Sherif M., and Hany H. Ammar. "A methodology for architecture-level reliability risk analysis." IEEE Transactions on Software Engineering 28, no. 6 (2002): 529-547.
[10] Millwater, H., Y-T. Wu, T. Torng, B. Thacker, D. Riha, and C. P. Leung. "Recent developments of the NESSUS probabilistic structural analysis computer program." (2017).
[11] Gordon, William J., Adam Fairhall, and Adam Landman. "Threats to Information Security—Public Health Implications." New England Journal of Medicine 377, no. 8 (2017): 707-709.
the guidance and inputs considered by the management of the organization. The availability of staff capable of implementing the strategy was also identified, and they were deployed accordingly into the respective positions. During the development of the strategy, only 10 per cent of the total IT budget of the organization is considered [12]. The budget requirement of the risk assessment plan is kept within the scope of the IT budget of the organization. The strategy is developed within a very short programme so that the risk management techniques can be applied alongside the developed business procedures.
Additionally, the point of arrival of the risk assessment strategy was scheduled according to the guidance and data input provided by the organisation. The leadership teams have a different type of perspective on the arrival; however, the information about the point of arrival for the strategy was derived from the indications provided by the leaders in the project.
Phase III—Strategy Development
The third phase involved the definition of the governance model and the identification of the services and capabilities of the system. The components required for the risk management strategy were included in the requirements, and it acted as the consultative element within the organization. The structure for reporting on the risk management strategy was also determined, and the staff competency necessary for implementing the risk management technique successfully is also considered [13]. The operational elements of the risk management plan were also considered.
Additionally, there were further risk considerations made regarding the staff and competency within the organization. The risk that the staff do not oversee the system appropriately persists [14]. The development of the risk assessment strategy includes every important
12 Holt-Lunstad, Julianne, Timothy B. Smith, Mark Baker, Tyler Harris, and David Stephenson. "Loneliness and
social isolation as risk factors for mortality: a meta-analytic review." Perspectives on Psychological Science 10,
no. 2 (2015): 227-237.
13 Dadashzadeh, M., S. Kashkarov, D. Makarov, and V. Molkov. "Socio-economic analysis and quantitative risk
assessment methodology for safety design of onboard storage systems." In Presented at the International
conference on hydrogen safety (ICHS) 2017. 2017.
14 Soller, Jeffrey A., Sorina E. Eftim, and Sharon P. Nappier. "Direct potable reuse microbial risk assessment
methodology: Sensitivity analysis and application to State log credit allocations." Water research 128 (2018):
286-292.
the guidance and inputs considered by the management of the organization. The availability and the
staffs capable for implementation of the strategy was also identified and deployed accordingly into the
respective positions. During the development of the strategy only 10 per cent of the total IT budget of
the organization is considered12. The budget requirement of the risk assessment plan is kept within the
scope of the budget for the IT considerations of the organization. The Strategy is developed within a
very short program so that the risk management techniques can be applied along the developed
business procedures.
Additionally, the point of arrival of the risk assessment strategy was scheduled according to
the guidance and data input provided by the organisation. The leadership teams have a different type
of perspective for the arrival however the information about the point of arrival for the strategy was
derived from the indications provided by the leaders in the project.
Phase III—Strategy Development
The third phase involved the governance model definition and the identification of the
services and the capabilities of the system. The components required for the risk management strategy
was included in the requirements and it acted as the consultative element within the organization. The
structure of reporting risk management strategy was also determined and staff competency necessary
for the implementing the risk management technique successfully is also considered13. The
operational element of the risk management plan were also considered.
Additionally there were additional risk considerations made along with the staffs and competency
within the organization. The risks for the ensuring that the staffs do not oversight the system
appropriately persists14. The development of the risk assessment strategy includes the every important
12 Holt-Lunstad, Julianne, Timothy B. Smith, Mark Baker, Tyler Harris, and David Stephenson. "Loneliness and
social isolation as risk factors for mortality: a meta-analytic review." Perspectives on Psychological Science 10,
no. 2 (2015): 227-237.
13 Dadashzadeh, M., S. Kashkarov, D. Makarov, and V. Molkov. "Socio-economic analysis and quantitative risk
assessment methodology for safety design of onboard storage systems." In Presented at the International
conference on hydrogen safety (ICHS) 2017. 2017.
14 Soller, Jeffrey A., Sorina E. Eftim, and Sharon P. Nappier. "Direct potable reuse microbial risk assessment
methodology: Sensitivity analysis and application to State log credit allocations." Water research 128 (2018):
286-292.
9INFORMATION SECURITY RISK ASSESSMENT
step to define the functional and governance model of inventory that would provide by the
organization. The implementation of the risk assessment strategy was very easy as the organization
was blessed with the benefit of having a direct management who would be able to oversight the
operations and would be would be able to complete the life cycle from strategy for architecture to
design implementation of the system.
Phase IV—Metrics and Benchmarking
The fourth phase consists of the metrics and benchmarks required for the deployment of the system. It is very important that the system ensures alignment with the guidelines and standards maintained by the industry the organization belongs to; however, the standards were mostly maintained by the deployed risk assessment strategy across multiple standards15. There is no single standard that the organization has to follow, and hence all the standards that were judged appropriate for the strategy were compliant with the industry.
For the benchmarking strategy, CMM modelling and benchmarking was followed, and management took regular follow-ups with the deployment team. The main point of query for the organization and the management was the point of arrival of the risk assessment strategy and the measure of the appropriate management capabilities. Along with this, the main performance indicators for the alignment of the developed strategy with the organization's business plan were the annual organizational goals and the point-of-arrival guideline.
Phase V—Implementation and Operation
The fifth phase was the final phase, concerned with implementing the strategy and making it operational. Global considerations were taken into account for this phase, and the compliance of the organization with the global standards was identified. The risks that could take place from neglecting the risk assessment strategy were also identified. The oversight boards were utilized as part of the operational model and the strategy used for deployment of risk assessment16. It was also ensured that a quality communication model was maintained between the risk assessment team and the business functional group17. Additionally, the culture of awareness regarding the information protection activities is monitored within the organization, focusing on the risk mitigation tactics.
15 Peltier, Thomas R. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Auerbach Publications, 2016.
16 Zhang, Dongpo. "Big data security and privacy protection." In 8th International Conference on Management and Computer Science (ICMCS 2018). Atlantis Press, 2018.
A proper risk assessment is important because it helps in overcoming the challenges faced by the organization. At the organizational level it helps in determining responsibilities and guarantees that the benefits are obtained after applying enterprise information security at every level of the organization. The importance of risk assessment at the legal level is that it helps to show other authorities that the enterprise is complying with all related rules and regulations. The organization performs its business after meeting the standards and principles. With the risk assessment, the organization can determine its weaknesses, and the way the organization can be protected from threats can be determined properly. This helps in understanding the importance of business partners, stakeholders and customers at the commercial level. Thus, with proper risk assessment strategies the company will be able to overcome the challenges.
Conclusion
From the above report it can be stated that risk assessment needs to be implemented within every organization. This will ensure proper working and will add benefit to the organization. The main challenge that is likely to be faced by the organization is unauthorized access; thus proper encryption will restrict those users. The information system is a very sophisticated database that stores all types of data, including sensitive data. Risk assessment helps in identifying the loopholes in the system at the financial level. This also includes applying proper measures to reduce the cost. Thus it is important for the chosen organization to assess the risks properly at each step, and the assessment needs to be maintained properly. Every organization can withstand the market only if it has proper risk assessment strategies. This will ensure proper working of the organization.
17 Gordon, William J., Adam Fairhall, and Adam Landman. "Threats to Information Security—Public Health
Implications." New England Journal of Medicine 377, no. 8 (2017): 707-709.
Part 2
After analysing the risks observed, it is clear that the organization needs to be aware of the risks that are likely to impact the system. However, there are several risks that have the potential to impact the home computer system. These include virus attacks, threats from unauthorized persons and threats to the data stored within the system. The type of risk the system is vulnerable to is the data being infected through a third person's intrusion18. Thus it is important to ensure that the home system is developed with proper security and authentication. The ways in which the hazards can be mitigated include:
Step 1: Identifying the source of the risk that occurred within the system
Step 2: Deciding who is behind the attacks and analysing the source
Step 3: Proper evaluation of the risks that occurred and deciding precautions based on this
Step 4: Recording the findings and implementing proper measures accordingly
Step 5: Reviewing the assessment properly and updating the necessary feedback
Thus, from the identification of risk assessment it can be stated that it is important to analyse the risks faced by the organization or by personal computers19. These threats tend to become more powerful with time and may cause harm to a great extent. Thus proper risk assessment at the correct time will help to mitigate the risks.
18 Yacoub, Sherif M., and Hany H. Ammar. "A methodology for architecture-level reliability risk analysis." IEEE Transactions on Software Engineering 28, no. 6 (2002): 529-547.
19 Anderson, Harry. "Introduction to Nessus." SecurityFocus, 2003. http://www.securityfocus.com/infocus/1741.
References
Anderson, Harry. "Introduction to Nessus." SecurityFocus, 2003. http://www.securityfocus.com/infocus/1741.
Dadashzadeh, M., S. Kashkarov, D. Makarov, and V. Molkov. "Socio-economic analysis and
quantitative risk assessment methodology for safety design of onboard storage systems." In Presented
at the International conference on hydrogen safety (ICHS) 2017. 2017.
DeBusk, Robert F., Nancy Houston Miller, H. Robert Superko, Charles A. Dennis, Randal J. Thomas,
Henry T. Lew, Walter E. Berger et al. "A case-management system for coronary risk factor
modification after acute myocardial infarction." Annals of Internal Medicine 120, no. 9 (1994): 721-
729.
Drake, David L., and Katherine L. Morse. "The security-specific eight stage risk assessment
methodology." In Proceedings of the 17th National Computer Security Conference, pp. 441-450.
1994.
Giannakis, Mihalis, and Thanos Papadopoulos. "Supply chain sustainability: A risk management
approach." International Journal of Production Economics 171 (2016): 455-470.
Gordon, William J., Adam Fairhall, and Adam Landman. "Threats to Information Security—Public
Health Implications." New England Journal of Medicine 377, no. 8 (2017): 707-709.
Haimes, Yacov Y. Risk modeling, assessment, and management. John Wiley & Sons, 2015.
Holt-Lunstad, Julianne, Timothy B. Smith, Mark Baker, Tyler Harris, and David Stephenson.
"Loneliness and social isolation as risk factors for mortality: a meta-analytic review." Perspectives on
Psychological Science 10, no. 2 (2015): 227-237.
Layton, Timothy P. Information Security: Design, implementation, measurement, and compliance.
Auerbach Publications, 2016.
Millwater, H., Y-T. Wu, T. Torng, B. Thacker, D. Riha, and C. P. Leung. "Recent developments of
the NESSUS probabilistic structural analysis computer program." (2017).
Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for effective
information security management. Auerbach Publications, 2016.
Ramchand, Rajeev, Rena Rudavsky, Sean Grant, Terri Tanielian, and Lisa Jaycox. "Prevalence of,
risk factors for, and consequences of posttraumatic stress disorder and other mental health problems in
military populations deployed to Iraq and Afghanistan." Current psychiatry reports 17, no. 5 (2015):
37.
Restivo, Emily, and Mark M. Lanier. "Measuring the contextual effects and mitigating factors of
labeling theory." Justice Quarterly 32, no. 1 (2015): 116-141.
Safa, Nader Sohrabi, Rossouw Von Solms, and Steven Furnell. "Information security policy
compliance model in organizations." Computers & Security 56 (2016): 70-82.
Soller, Jeffrey A., Sorina E. Eftim, and Sharon P. Nappier. "Direct potable reuse microbial risk
assessment methodology: Sensitivity analysis and application to State log credit allocations." Water
research 128 (2018): 286-292.
Soomro, Zahoor Ahmed, Mahmood Hussain Shah, and Javed Ahmed. "Information security
management needs more holistic approach: A literature review." International Journal of Information
Management 36, no. 2 (2016): 215-225.
Yacoub, Sherif M., and Hany H. Ammar. "A methodology for architecture-level reliability risk
analysis." IEEE Transactions on Software engineering 28, no. 6 (2002): 529-547.
Zhang, Dongpo. "Big data security and privacy protection." In 8th International Conference on
Management and Computer Science (ICMCS 2018). Atlantis Press, 2018.