Security Management: Risk Assessment, Compliance, and Business Continuity

Added on  2023-06-12

Running head: SECURITY MANAGEMENT
Security Management
Name of the Student
Name of the University
Author’s Note:
Security Management: Risk Assessment, Compliance, and Business Continuity_1

Table of Contents
Year 2013...................................................................................................................................2
Year 2014...................................................................................................................................7
Year 2015.................................................................................................................................11
Year 2016.................................................................................................................................15
Year 2017.................................................................................................................................19
Year 2013
1. Internal control in auditing and accounting can be defined as the process that
provides assurance that an organization achieves its objectives in operational effectiveness
and efficiency and in compliance with policies, regulations and laws.
The five layers of the COSO model are as follows:
i) Control Environment
ii) Risk Assessment
iii) Control Activities
iv) Information and Communication
v) Monitoring Activities
The three layers of the COSO model most relevant here are information and communication,
risk assessment and control activities. Security management in information and communication
helps to secure the information that is identified and communicated within a specific
timeframe. Security management in risk assessment helps to secure against and prevent the risks
that are analyzed on the basis of how they are determined, i.e. as either residual or inherent.
Various policies and procedures are implemented within the layer of control activities to
ensure that risk responses are properly carried out, and security management helps to
maintain those policies and procedures effectively.
Two examples of ineffective security management damaging internal control are
inadequate records and lack of control over authorized transactions.
Security management is a subset of internal control: internal control is used to
satisfy the various rules and regulations that maintain operational effectiveness, while
security management is used to ensure that security itself is properly maintained.
2. The main objective of information security risk assessment is to provide an
accurate and complete inventory of all data and information technology assets. This
objective mainly depends on the values or importance of the assets.
The five steps in risk assessment process are as follows:
i) Identifying hazards, i.e. anything that can cause harm.
ii) Deciding who might be harmed.
iii) Assessing the risks and finally taking action.
iv) Recording all of those findings.
v) Reviewing the final risk assessment.
Two examples of risk assessment contributing to the transparency of security
management are as follows:
i) Delivering Products: The safety of the cars being driven should be the first
priority. In this example the risk assessment process could consist of identifying
the problem, i.e. understanding the risks of drivers working alone and possibly being stuck
in congested traffic. Then the decision is taken about who is harmed, namely the customer. An
action could be calling the driver and asking him to be on time, and finally a record is made
so that he is no longer late.
ii) Financial Risks: The handling of this type of risk should be transparent, as
financial risks can be extremely dangerous. In this example the risk assessment process
could address the hacking of financial data, and proper mitigation techniques should be
implemented.
Risk assessment helps to make information security management fully
transparent to the stakeholders, as it helps to identify and control all the risks in the
organization.
3. Trust is reliance on a specific individual or organization with respect to a particular
situation or phenomenon.
Trust in security management rests on assumptions, and these assumptions eventually
become implicit when the systems are changed. The major aspects of security management
include identification of organizational assets, documentation, and policy implementation.
These procedures support risk assessment and threat assessment.
The examples of lost trust in security management are as follows:
i) Decision makers finding it extremely difficult to mitigate vulnerabilities after
acquiring the resources needed to achieve business goals. This occurred because the resources
selected were not secured, and problems followed. Security measures should be undertaken to
secure these assets.
ii) Old hardware could be affected by threats and vulnerabilities, and hence
security would be affected. This occurred because antivirus or anti-malware software was not
installed. The probable security measure is to secure the hardware with antivirus or
anti-malware protection.
Trust in information security management is promoted because it helps in
processing symbolic representations of trust for automated decision-making processes.
Moreover, it is implemented in information security mainly through access control policies.
4. Two areas of legislation affecting the information security management are as
follows:
i) Hacking of systems is a major area of legislation for information security
management. Violations of the laws against hacking a confidential system can be extremely
dangerous for any organization.
ii) Violation of compliance laws is the second area of legislation that affects
information security management. These laws help to maintain the integrity and authenticity
of any organization.
For the hacking of systems, there are strict laws in every nation that help to deter
such activities. The best example of this is the high penalties incurred for
hacking a system. Moreover, hackers can receive up to 20 years of imprisonment.
For violations of compliance laws in any organization, various legal actions are
taken. One example is infringement of, or repeated violations of, intellectual property
rights.
All aspects of the law affecting the organization should be known by the security manager,
as he is responsible for technical and functional expertise, and any faulty functionality in
the systems should be reported to him directly.
5. The main purpose of business continuity is to help the organization respond
to all types of disruption to its critical business processes.