
Information System Risks Faced by Affiliate Institutions

12 Pages | 3862 Words | 148 Views
   

Added on  2020-03-16

Running head: Information System and Risk Management

Information System and Risk Management
Name
Affiliate Institutions

Table of Contents
Introduction
Security audits
Security Controls
Disaster Recovery Planning
Business Continuity Plan
Risk Management
   Risk Analysis Matrix
   Risk Considerations in Determining the Adequacy of IT Controls
   The Information System Environment
   Information System Risks Faced by the Organization
   Risk Appetite and Tolerance
   Performing a Risk Analysis
   Strategies to Mitigate Risks
Conclusion
References
Introduction

The objective of this report is to critically analyze system security audits, risk analysis and management, implementation of controls, and disaster recovery and business continuity plans. Risk management is a very important aspect of any business because it helps identify vulnerabilities within the system, so that the organization can handle them in good time and avoid massive negative impacts. A system security audit helps make sure that there are no abnormal transactions within the system and that its operations are consistent. Disaster recovery and business continuity plans are also very important to any organization.

Security audits

Businesses benefit from the advancement of technology and information systems. However, the existence of cybercrime, malware, hackers, and viruses creates more challenges for the business. As such, strong and regular follow-up is needed through frequent security audits of information systems. The main challenges to success are a lack of enough professionals and the existence of frameworks that are wrongly suited (Roebuck, 2012).

A security audit of information systems is an examination and independent review of system activities, records, and related files. The purpose of these audits is to increase the information security level, avoid inappropriate information security structures, and optimize security processes and safeguard effectiveness. Security is a never-ending process; it is still in its early stage and needs continuous follow-up. In addition, security audits need a simple framework for process guidance (Moeller, 2010).

In order to manage a successful audit, the organization should: outline objectives, select auditors with security experience, establish a security baseline via annual audits, ensure managers are involved early, ensure auditors depend on experience, and make sure that the auditors' reports reflect the company's risks.

Security Controls

The following are some types of security controls:

Physical Security Controls - Physical security controls are mechanisms that manage physical access to sensitive information and safeguard information availability. These security elements are required to protect assets and physical assets from access by unauthorized individuals, which represents a potential risk. All kinds of computers, computing components, and associated communication facilities should be viewed as sensitive spaces and assets and be safeguarded accordingly. Some examples of physical security controls are physical access systems, receptionists, physical protection systems, guards, physical intrusion detection systems, door access controls, human traps, restricted areas, automatic door controls, and CCTV. Proper management of physical security controls enhances technical and administrative controls (Jacobs, 2011).
Technical Security Controls - Technical security controls are also referred to as logical controls, and they restrict system access. These controls involve software and hardware features offered in a system and enhance the security and integrity of information, operating systems and programs.

Software components offer access management capabilities. These are the major elements of security in a program to safeguard electronic data. An efficient logical security system offers ways to authorize, identify, authenticate or restrict the authorized users to specific stipulated actions, for every application called on by the computer to facilitate processing of the documents value factors that are established (Qadir, 2016).

Administrative Security Controls - Administrative security controls are also referred to as procedural controls. These controls are primarily policies and procedures structured to guide and define the actions of employees in handling the organization's sensitive information. They make people aware of how the business is run and how daily operations are conducted. Other types of administrative controls that enlighten people are the laws and regulations developed by government bodies.

Physical or technical security controls can enforce administrative security controls that take the form of a policy. For example, a security policy may state that computers lacking antivirus programs cannot connect to the network, and a technical control such as network access control software looks for antivirus software when a computer attempts to attach to the network (Satzinger, Jackson & Burd, 2008).

Disaster Recovery Planning

The following are some ways to carry out disaster recovery planning:

Devising a disaster recovery plan - Disaster recovery planning involves evaluating several scenarios and pursuing options. As such, undertaking it may be discouraging, so it is essential for the organization to begin with the basics and progress with the rest of the plan over time. First, the organization should define the important aspects that keep the business running, such as access to applications and email, database backups, computer devices and recovery time goals. Other components of the major plan are determining the individual in the company who announces the disaster, ways of informing employees that the disaster has occurred, and methods of communicating with clients to restore their confidence that the organization can still serve their needs (Broad, 2013).

Monitor implementation - After the disaster recovery plan is established, it is essential to control the plan to ensure effective implementation of its components. A disaster recovery plan should be considered a living document that requires frequent updates. In addition, proactive, progressive monitoring and remediation processes such as backing up replication data and data storage can lead to minimal information system issues and less downtime when a crisis occurs (Nahari & Krutz, 2011).