
IT Security Risk Assessment


Added on  2022-09-14

Running head: SECURITY POLICY
Security procedures and processes
Name of the Student
Name of the University
Author’s Note

Table of Contents
Task 1 (p. 2)
  IT security risk assessment (p. 2)
  Data protection processes and regulations (p. 2)
  ISO 31000 risk management methodology (p. 3)
  Impact of IT security audit on organizational security (p. 4)
  Roles of stakeholders (p. 5)
  Explanation of IT security alignment (p. 6)
  List of components for organizational disaster recovery plan (p. 6)
  Evaluation of proposed tools for IT security (p. 7)
Task 2 (p. 7)
  Implementation of security policy (p. 7)
References (p. 9)

Task 1
IT security risk assessment
Risk assessment is mainly used to identify and prioritize the risks of an organization's
operational activities, most of which now depend on information technology (Safa, Von Solms
and Furnell 2016). Risks within organizational activities can cause large monetary losses,
which reduce business profitability. Fundamentally, a risk assessment considers three factors:
the importance of business assets (employees, money, etc.), the critical effect of threats, and
the vulnerability of the system to those threats. Reducing organizational risk therefore requires
collecting a great deal of information (Sommestad et al. 2014), which may be gathered through
interviews, analysis of the system or infrastructure, and review of documentation. The overall
risk assessment proceeds through the following steps:
Finding all valuable assets.
Identification of potential customers.
Identification of threats along with their levels.
Identification of vulnerabilities within the organization.
Assessment of risk.
Making a risk assessment plan using a risk register.
Making a strategy that helps to mitigate the selected risks.
Proceeding with the mitigation process.
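The three factors named above (asset importance, threat effect, system vulnerability) and the risk-register step can be shown concretely. The following Python program is an added example written for this page, not part of the original essay: it scores each asset/threat pair by multiplying the three factors, sorts the result into a risk register, rates each entry and attaches a treatment, and selects the entries that exceed a threshold for the mitigation strategy. The 1-to-5 scales, the rating thresholds, the treatment labels and the sample assets and threats are all assumptions constructed for the example.

```python
"""Worked risk register: asset value x threat likelihood x vulnerability.

Added example for the risk assessment steps above; scales, thresholds and
sample data are constructed assumptions, not values from the original text.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: int  # importance to the business, 1 (low) .. 5 (critical)


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int  # how likely the threat is to materialise, 1 .. 5


@dataclass
class RiskEntry:
    asset: Asset
    threat: Threat
    vulnerability: int  # how exposed this asset is to this threat, 1 .. 5
    score: int = 0
    rating: str = ""
    treatment: str = ""


def _check_scale(value: int, label: str) -> int:
    # Reject inputs outside the assumed 1..5 scale so a typo cannot
    # silently produce an out-of-range score.
    if not 1 <= value <= 5:
        raise ValueError(f"{label} must be between 1 and 5, got {value}")
    return value


def score_risk(asset_value: int, likelihood: int, vulnerability: int) -> int:
    """Combine the three factors into one score in the range 1..125."""
    return (_check_scale(asset_value, "asset value")
            * _check_scale(likelihood, "likelihood")
            * _check_scale(vulnerability, "vulnerability"))


def rate_risk(score: int) -> str:
    """Map a score onto a coarse rating; the thresholds are assumed."""
    if score >= 60:
        return "high"
    if score >= 20:
        return "medium"
    return "low"


def choose_treatment(rating: str) -> str:
    """Pick a treatment strategy for the rating (labels are assumed)."""
    if rating == "high":
        return "mitigate now"
    if rating == "medium":
        return "mitigate or transfer (schedule)"
    return "accept and monitor"


def build_risk_register(exposures):
    """Build the register from (Asset, Threat, vulnerability) triples,
    highest score first, so the top entries are the ones to treat first."""
    register = []
    for asset, threat, vulnerability in exposures:
        entry = RiskEntry(asset, threat, vulnerability)
        entry.score = score_risk(asset.value, threat.likelihood, vulnerability)
        entry.rating = rate_risk(entry.score)
        entry.treatment = choose_treatment(entry.rating)
        register.append(entry)
    register.sort(key=lambda e: e.score, reverse=True)
    return register


def risks_to_mitigate(register, threshold: int = 20):
    """Select the register entries that the mitigation strategy must cover."""
    return [e for e in register if e.score >= threshold]


# Constructed sample data for a college IT environment (hypothetical).
STUDENT_RECORDS = Asset("student records database", 5)
PAYROLL = Asset("payroll server", 4)
WEBSITE = Asset("public website", 2)
PHISHING = Threat("credential phishing", 4)
RANSOMWARE = Threat("ransomware", 3)
DEFACEMENT = Threat("website defacement", 2)

SAMPLE_EXPOSURES = [
    (STUDENT_RECORDS, PHISHING, 4),
    (PAYROLL, RANSOMWARE, 3),
    (WEBSITE, DEFACEMENT, 2),
]


def print_register(register) -> None:
    for e in register:
        print(f"{e.score:>3} {e.rating:<6} {e.asset.name} / {e.threat.name}"
              f" -> {e.treatment}")


if __name__ == "__main__":
    print_register(build_risk_register(SAMPLE_EXPOSURES))
```

Running the file prints the register with the student records database at the top (score 80, high), payroll second (36, medium) and the website last (8, low); with the default threshold only the first two are handed to the mitigation strategy, and the last is accepted and monitored. A real register would also record an owner, a review date and the evidence (interview, system analysis, documentation review) behind each score.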
Data protection processes and regulations
The General Data Protection Regulation (GDPR) is the data protection regulation of the
European Union, and its policies apply to organizations as well as to colleges.

This data protection policy gives colleges guidance on protecting their existing data
(Hsu et al. 2015). The data protection policies are given below:
It requires legal changes to the procedures for collecting students' data during a certain
period, including August and September, because of annual turnover (Putri and Hovav 2014).
It requires ensuring that legacy IT systems have a sufficient protection policy for
personal data.
It requires strong protection for the colleges' sensitive data, both to avoid the
disadvantages of data loss and to improve organizational performance.
It requires developing adequate arrangements for communication privacy with students
and other data subjects.
It requires proper reporting of privacy issues to the Data Protection Officer or the
equivalent government bodies.
It requires integrating data protection law with the colleges' obligations under the
Freedom of Information Act.
ISO 31000 risk management methodology
ISO 31000 is an international risk management standard that was first published in
2009. It provides guidance and principles for risk management in organizations. The
standard does not give detailed solutions for managing particular organizational risks;
rather, it provides generalised procedures by which the risks within an organization can
be managed.
This risk management standard outlines a few major activities, including:
Risk identification – The identification process is required for preventing risks.
