Management of Information Security

   

Added on 2023-04-11

Running head: MANAGEMENT OF INFORMATION SECURITY
Management of information security
Name of the student:
Name of the university:
Author note:

Executive Summary
This report uses the ISO 27005 standard for the management of security risk
(Agrawal, 2017). The main advantage of using the ISO 27005 standard lies in managing
security risk and improving the security level of organizations and businesses. The risk
assessment has several layers for managing security risk; information security risk depends
on various factors such as vulnerabilities, existing controls and assets (Mayer et al., 2016).
The risk assessment provides monitoring of security risk and its factors in order to manage
and treat the risk. Risk can be treated only once it is known, and ISO 27005 security risk
management is used to obtain detailed information about the risk. This risk management
model has several benefits in the business area; because it is a major undertaking for an
organization, it is necessary to gain the backing, sponsorship and support of the management
executive. The report ends by listing observations in the conclusion section.

Table of Contents
Introduction
Discussion
Risk Assessment
Owner Specification
    System Boundaries
    Primary and Secondary Asset
    Threat of each assets
    Vulnerability for each Assets
    Likelihood level computation
    Impact table specification
    Risk Identification
    Section 1
    Section 2
    Section 3
    Section 4 (Risk treatment plan)
Summary
Recommendation
References

Introduction
This document uses the ISO 27005 standard for the management of security
risk for CONVXYZ (Agrawal, 2017). The main advantage of using the ISO 27005 standard
lies in managing security risk and improving the security level of organizations and businesses.
The risk assessment has several layers for managing security risk; information security risk
depends on various factors such as vulnerabilities, existing controls and assets
(Mayer et al., 2016). The risk assessment provides monitoring of security risk and its factors
in order to manage and treat the risk. Risk can be treated only once it is known, and
ISO 27005 security risk management is used to obtain detailed information about the risk.
This risk management model has several benefits in the business area; because it is a major
undertaking for an organization, it is necessary to gain the backing, sponsorship and support
of the management executive. Further benefits relate to the improvement of opportunities,
identification, and risk to the information system.

This report will include a risk assessment of information security. The risks, threats and
vulnerabilities of the system are provided to identify the security level of the system, that is,
the website of CONVXYZ, based on the ISO 27005 standard. This report will also discuss the
owner specification, the primary and secondary assets, and the threats and vulnerabilities
related to these assets. Risk identification is carried out with the respective risks plotted in a
Boston grid matrix. Finally, there will be recommendations to improve the management of
information security for organizations and business areas.
