
Risk Management Process for Information Security at CommDev

An overview of CommDev, a tier-2 not-for-profit organization focused on community development in marginalized areas in developing and/or 3rd world countries.


Added on  2023-06-03

About This Document

This article discusses the risk management process for information security at CommDev, an organisation that supports needy children in the Pacific and Asian regions. It explains the steps involved in assessing risks, threat assessment, and vulnerability analysis. The article also highlights the importance of confidentiality, integrity, and availability of information, and the need for continuous evaluation and updating of risk mitigation strategies.

Introduction
An organisation's information security should always be treated seriously. If it is not handled well, information may leak or data may be compromised, and the organisation loses the confidentiality of its data. It is very hard for a company to secure its information and be fully satisfied with the method it has applied. Every company must therefore set risk management strategies for handling such vulnerabilities and security issues when they occur. It is now common to hear of incidents in which an organisation's security has been breached or compromised. In the CommDev case study, examples are a computer or laptop at CommDev being lost or stolen, or the data center that houses its servers being accessed without authentication and authorization.
CommDev is an organisation that supports needy children in the Pacific and Asian regions, and particularly in Australia, where its headquarters are based. It does not exist to make a profit; its main mission is charitable work, such as helping children achieve their dreams in every aspect of their schooling, regardless of ethnicity and race. Such incidents are worth noting because the confidentiality of data will be lost. Like modern society and other companies, CommDev depends entirely on third-party storage, the transmission of data and the consumption of information. Information at any organisation is a valuable asset that must be protected at all times.
Information security is described by the CIA triangle, where CIA stands for confidentiality, integrity and availability of information (adrofee, 2016). Accountability is sometimes considered a further aspect, and it plays a major role in protecting information.
Confidentiality is the protection of CommDev's information against theft and eavesdropping. Integrity, in the CommDev context, is the protection of its information against modification and masquerading by anyone who is not authorized. Availability is dependable access to the information for authorized users, in particular in the face of attacks such as DoS attacks against the information system. Lastly, accountability is the assignment of responsibilities and traceable actions to all the parties involved.
CommDev is an institution with limited resources, and dedicating them to information security may be a challenge for management. The limited resources must be balanced against the value of the information and the possible threats against it (Blakley, 2012). Information security is entirely a risk management problem. It is unreasonable to believe that all valuable information can always be kept safe against every predicted and unpredicted attack. An attacker with unlimited determination and all the resources needed to perform an attack can harm the organisation's information. Where defenses are in place, there is a point at which there is some probability that an optimization will succeed. Many organisations such as CommDev find themselves eliminating risks when a more practical approach would be better: crafting the security defenses strategically so that risks are mitigated or minimized to acceptable levels. To accomplish this goal, CommDev will need to perform a methodical analysis of the risks. This chapter gives an overview of the risk management process.
Background
Risk management in an organization like CommDev can be tricky and very wide in scope. Risk management may be categorized into three processes, as shown in the figure below.
Figure 1: Risk management steps
For a researcher or observer of such risk management processes in information security, it is worth noting that there is no universal agreement on the above three processes, but most views share the common elements of risk that are to be assessed and mitigated (Reinhard, 2011). Risk assessment is the first step: a risk must be assessed to confirm whether it can really be a threat to the information. If the assessed risk may pose a threat to the organisation, it is wise to mitigate it and provide an effective evaluation. Risk assessment is usually performed to understand the system that stores and processes the valuable information, the vulnerabilities of the system, the possible threats, the impacts those threats are likely to have and, above all, the risks that emerge and threaten the entire system.
Without the risk mitigation process, risk assessment is considered very simple and sometimes an academic exercise (navathe, 2012). Risk mitigation is a strategic plan used to prioritize the identified risks under the constraints of the organization's limited resources. The third and last process is effectiveness assessment, whose goal is to measure and verify whether the objectives of risk mitigation have been met according to the organisation's needs and requirements for the information it needs to secure. If that is not clear, the first and second steps, risk assessment and mitigation, must be updated accordingly for the effects to be reflected. Essentially, effectiveness assessment gives feedback to the first and second processes and helps ensure correctness. The environment surrounding CommDev, as explained in the case study, is not static. Because of this, CommDev needs a continuous process of evaluating and updating its risk mitigation strategies with information that is new to the organisation.
Risk Assessment at CommDev.
It is not possible for an individual or an organisation to know when they will be attacked. Risk is explained on the basis of what is expected or might happen (jaquith, 2013). However, a threat may not be much of a risk where the protected system is not vulnerable to that specific threat, or where the potential loss is not significant. Risk is a function of the vulnerabilities and of the impacts expected from the threats posed. Risk assessment at CommDev may involve several steps to understand the value of the assets, the vulnerabilities of the system, the possible threats, the likelihood of those threats and the impacts expected if such attacks succeed. The figure below shows the steps that CommDev can use in assessing risk in the organisation.