
Information System Security Management Report 2022

   

Added on  2022-10-15

Information System Security Management 1
Information Security Management
Student
Tutor
Institutional Affiliation
State
Date

Table of Contents
Table of Contents
Executive summary
Introduction
Information security risk management
    Identification
        Identification of assets
        Identification of vulnerabilities
        Identification of threats
        Identification of controls
    Assessment
    Treatment of risk
        Mitigation
        Remediation
        Transference
        Risk acceptance
        Risk avoidance
    Communication and awareness
    Rinse and repeat
Information security certification and accreditation
    Initiation
    Security certification
    Security accreditation
    Continuous monitoring
Conclusion

Executive summary
System security management is a factor of fundamental relevance in every business. Its
main goal is to protect an organization’s sensitive data. FuturePlus is a start-up charity
organization. The organization wants to expand in the future and will be serving many clients.
Additionally, FuturePlus holds sensitive data for its contributors. Because of this, the organization is
likely to face cyber-attacks. Hence it is imperative to come up with robust security management
strategies that will ensure the safety of the sensitive data in the organization’s system. It is for this
purpose that we have come up with this report.

In this report, we discuss some guidelines for ensuring information security risk
management. We also present the guidelines for security certification and accreditation.
For robust security, the organization must first identify the assets, vulnerabilities and
threats, as well as appropriate controls. After identification of the mentioned areas, the next step
should be mitigation strategies. This process should be practiced on a continuous basis to ensure
that the system is free from any kind of security breach. This should protect the organization’s
customer details from breach.

Introduction
Information security is an integral part of every organization in the modern day.
Information systems are used in every organization irrespective of the size of the business.
Although they may promise significant benefits to organizations, they are associated with security
issues. Hence it is imperative to consider security management strategies (Whitman and Mattord,
2013, pp.13). Following this rationale, this article seeks to document some information security
risk management and information security certification and accreditation guidelines for
the FuturePlus organization.
Information security risk management
This involves the process of managing risks related to information technology (Spears
and Barki, 2010, pp.503-522; Poolsappasit, Dewri, and Ray, 2011, pp.61-74). It requires
processes such as identification, assessment and treatment of risks to the highest expectations of
the organization. The whole process aims at dealing with risks in accordance with the
organization’s general risk profile (Peltier, 2010, pp.08-12). Therefore, for FuturePlus, it will
possibly help the disadvantaged students in terms of secured fee payments and accommodations, in
addition to obtaining their educational goals. Eliminating risks in a business should not be
intended just for identification and achievement of a moderate level of risk for an organization.

It was traditionally regarded as an IT function within the organization’s IT planning
strategy. It has recently evolved into an essential part of the supporting activities of
business organizations. The strategy provides the most effective, recognizable outcomes of high
value. An information security risk management strategy offers a framework for information
infrastructure protection which aims at ensuring that the business goals and risk profile of the
organization are openly highlighted (Purdy, 2010, pp.881-886). The process requires three
