
Assignment on IS Security and Risk Management

Added on 2020-04-07
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
Student Name
Institution
Information System Security and Risk Management at Hewlett-Packard Manufacturing Company
Introduction
Information systems have become a very important infrastructure in any company across
the world. The survival of most companies today is based on the security of their information
systems. However, there has never been an integrated model that has the capacity to assess the
possible security risks and effectively protect the information as well as the assets. Information
systems such as emails, messengers, e-commerce, chatting, and m-commerce via the internet are
increasingly exposed to cyber security accidents (Bagchi, 2017). In order to ensure effective
performance of any information system, a company must invest in securing the system. In
addition, a proper risk management system must be put in place. This can only be done through
the employment of several distinct measures. It is indisputable that there is a continued need to
secure information systems (IS) (Anton, Anderson, Mesic, & Scheier, 2004).
There have been increased incidences of IS security and risks (Kaschek, Kop, & Claudia,
2008). Information system security and risk management require continuous assessment of any
risk to which the system may be exposed. Any risk that is discovered should be prevented within
the shortest time possible. The major component of information system security is the risk
management process (Pfleeger & Pfleeger, 2012). The process should be incorporated alongside risk
assessment. The process of risk management should be done through the installation of
measures that prevent future security problems in the system. IS risk assessment practice is in
compliance with the security standards that have been set by HIPAA as well as CEISP. Risk
assessment enables organizations to determine risk levels that are acceptable to them. They are
then able to set appropriate security requirements.
Investigation, tools, and techniques
According to information system (IS) security experts, one of the main techniques of the risk
management process is risk assessment. The assessment should be done by professionals who
are well trained and can easily identify risks in the information system before the system
becomes vulnerable. Risk management refers to a continuous process that involves analysis,
planning, monitoring and implementation of security measures for an information system
(Kovacich, 2003). The process has since become a policy in most organizations across the world.
Risk assessment, which is a type of risk management process, is executed at intervals of time. It
can be done on a yearly basis or on demand, based on the security requirements of the given
information system. It is important to note that risk management is a process that entails a
sequence of events and activities.
There are structuring and re-configuration processes that are involved in risk
management. Organizations often tend to generate instantiations that are favorable to them. It is
necessary to conduct an assessment of an organization's IS security controls from time to
time. However, continuous assessment cannot fully secure an information system (Tipton &
Nozaki, 2012). A fully secure system demands continuous monitoring of the system. A
development life cycle of the system should also be put in place to monitor the effectiveness of
the system over time. One technique that Hewlett-Packard Company uses for securing the system
is continued monitoring of the system's security details. In addition, all the changes that
are made to the system are documented so that there is a reference whenever there is a security
threat to the system. Reference can also be made when a risk is discovered in the information
system (Jones & Ashenden, 2005).
Based on the results of the security assessment report, remediation actions would be
conducted at a later stage. The final security status is reported to the officials who are in charge
of the system. HP company management has made an effort and ensured that there is a periodic
review of the information system's security status. The security techniques are based on the
guidance of NIST SP 800-37. The company has come up with its own approaches that it uses
in managing its information systems and the possible changes that may be associated with
them. The responsibilities of an owner of the information system would be greatly reduced if
configuration management is done so that there is only one common security control. However,
HP is a multinational company and has the financial capacity to employ enough personnel who
can effectively manage its systems. In addition, Hewlett-Packard's information system
administrators have accorded priority to volatile security controls in the system since they have a
greater impact in any organization (Alberts & Dorofee, 2002).
Risk analysis matrix and control
It is almost impossible to develop an integrated security model that can be used to
address all the risks associated with an information system (Bidgoli, 2016). The proposed risk
analysis matrix is derived through adaptation of software risk management. One of the attributes of
software quality is the software itself. The security risk should, therefore, be investigated in
terms of the software risk. Security risk refers to the damage or attacks that are made towards an
information system. According to the risk analysis matrix, damages that are made on the assets
of any organization as a result of cybersecurity can be categorized according to the vulnerability
and threats to the assets.