Security Management and Governance

   

Added on 2023-06-10

Risk Management:
Risk management is the process of identifying risks, assessing them, and taking steps to reduce them to an acceptable level. Risk management is a critical factor for GUMC because it assists in the successful implementation and maintenance of a secure environment. Risk assessments identify, quantify, and prioritize the risks against GUMC's criteria for accepting risks and its objectives. The results guide and determine which actions are appropriate and which are to be prioritized in order to manage information security risks and to implement the controls required to protect the information assets.
The risk management process includes the following steps:
1. Identification of the different kinds of risks
a. Identifying the assets of the agency, along with the owners of the information
b. Identifying the various kinds of threats that the assets might face
c. Identifying the vulnerabilities that could be exploited by the identified threats
d. Identifying the impacts on the assets that might occur due to loss of confidentiality, integrity and availability
2. Evaluation and analysis of the risks
a. The business impacts on GUMC are to be assessed; these impacts might result from security failures and many other causes. The consequences of a loss of confidentiality, integrity or availability of the assets are taken into account in order to assess the impacts.
b. The realistic likelihood of security failures is to be assessed
c. The risk level is to be estimated
d. Determining whether the risks that would occur are acceptable or not
3. Identification and evaluation of the options for treating the risk
a. Applying appropriate controls
b. Accepting the risks
c. Avoiding the risks
d. Transferring the risk associated with the information system to other parties
4. The last step is the selection of control objectives and of controls to treat the risks.
No set of rules can provide complete security. For this reason, additional management actions are to be deployed to monitor, evaluate, and improve the effectiveness and efficiency of the security controls in support of GUMC's goals and objectives.
5. Benefits of the risk assessment plan:
The risk management plan is to be included to make sure that risks are managed properly by the organization GUMC. The major goal of including this plan is to reduce the impacts that the negative risks have upon the new system along
