Information Security Management Report for Academics for Academics

Verified

Added on 2020/05/16

AI Summary
This report focuses on information security management for Academics for Academics (A4A), a non-governmental organization. It begins with an executive summary outlining the need for risk mitigation to prevent unauthorized access to A4A's resources. The report identifies key information assets, including staff, data, and IT infrastructure, and assesses associated risks. It categorizes risks based on their potential impact, emphasizing the need for guidelines to protect confidential information, including personal and financial data, and the data produced for colleges and universities. The report proposes guidelines for managing risks, including the secure use of information assets and mitigation of insider and outsider threats like malware and unauthorized data access. The report concludes by considering assumptions made during guideline development and emphasizes the importance of prioritizing risk mitigation based on asset value and impact on the organization. The report aims to provide long-term security options for A4A, forming the basis for effective threat handling and mitigation.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note
Executive Summary
The purpose of this report is to identify and develop proper guidelines for A4A for managing the
information security risks of the organization. The report discusses the need for A4A to adopt a
risk mitigation process for preventing the unauthorized circulation and use of the academy's
information resources. The report further identifies the information security risks the
organization is exposed to and suggests guidelines, adherence to which should help A4A manage
the identified security risks. The guidelines are expected to prevent unauthorized use of and
access to the academy's resources and aim at eliminating the risks associated with the
information assets. The report concludes with the assumptions that were considered while
developing the guidelines for the information security risks present within A4A.
Table of Contents
1. Introduction
1.1. Organizational Context
1.2. Objective
1.3. Report Outline
2. Discussion
2.1. Information Security Assets
2.2. Risk Identification
2.3. Risk Assessment
2.4. Risk Management
3. Assumptions
4. Conclusion
References
1. Introduction
1.1. Organizational Context
Academics for Academics (A4A) is a non-governmental organization (NGO) operating from its
head office in Sydney, with a branch in Singapore. All A4A projects are funded by public
donations, and the team consists of 10 staff members. The organization was established with the
aim of helping small public and private universities in Australia and South East Asia. Only the
schools and colleges registered under A4A can access the data and information produced by
A4A. The organization has no proper policy or guidelines for protecting its resources. This
report identifies the different types of risks associated with the resources of A4A and suggests
guidelines that will help in managing the information security risks associated with those
resources. The guidelines are intended to prevent unauthorized use of the organization's
information resources by insider or outsider threats. The report aims at the development of an
issue-specific security policy that will prevent the unauthorized use and circulation of the study
materials and information technology resources of Academics for Academics (Höne and Eloff
2002). Issue-specific privacy guidelines are created to address a specific information security
threat and to give the employees of the organization the necessary information on the proper
usage of technology and resources inside and outside the boundaries of the organization. The
detailed process of managing the information security risks associated with A4A is evaluated in
the following sections.
1.2. Objective
The major aim of this report is to discuss and develop proper guidelines for managing the
different information security risks associated with A4A. The report explains the need to
identify and analyze the different resources of the organization that are at risk, and outlines the
need to identify the different risks associated with the information system of A4A. The report
further identifies and analyzes the different risk mitigation approaches of the organization and
suggests guidelines. These guidelines are necessary for developing the organization's security
policies.
1.3. Report Outline
A4A is expanding, and it therefore becomes essential to manage the information security risks
associated with the organization. The report provides standard guidelines for this purpose that
aim to ensure the security of the organization's information assets. These guidelines offer a
solution for managing the identified information security risks and will further help in managing
the uncertainties associated with the organization. They form the basis of effective threat
handling and mitigation and are intended to address the identified risks. The guidelines to be
developed will provide long-term security options for A4A.
2. Discussion
2.1. Information Security Assets
It is essential to identify the information security assets of the organization, since the risks
associated with the organization can only be identified and analyzed once its assets are known.
The identified assets need proper protection from threats and uncertainties in order to prevent
the loss of information. The identified information security assets of the organization are as
follows (Safa, Von Solms and Furnell 2016)-
1. The members of the organization are major information assets of the organization and
include the appointed members, managers and the university personnel.
2. The data produced by the members are another major information asset of the
organization. These assets include the assignments or study help produced by the members of
the organization. However, the emails, marked assignments and the exams are not the property
of the organization. Along with this, the other confidential data of the organization includes the
storage information of the assignments and the personal details of the members and the clients
of the organization (Sommestad et al. 2014).
3. The information system that records and stores all the assignments prepared by the
organization is an important information asset as well.
4. The members of the organization often work from outside the organization. Therefore,
the networking components, which include the routers and firewalls, are another major
information asset of the organization (Laudon and Laudon 2016).
5. The hardware assets of the organization and the hard copies of the assignments produced
within the organization are major information assets as well. Proper guidelines are to be
developed in order to secure these components.
6. The organization works with public donations, which involve some confidential
information as well. Protection of that information is necessary.
The identified information security assets of the organization need to be protected in
order to avoid a major loss of information. Therefore, proper guidelines are to be enforced in
order to ensure responsible use of the organization's property (Spiekermann 2012). The
authorized and prohibited usage of the resources is set out in the guidelines. These guidelines
will prevent an attacker from accessing the confidential resources of the organization.
2.2. Risk Identification
Identification of the Assets
Once the information assets of the organization have been identified, the risks associated
with those assets must be identified in turn. The risks need to be identified and analyzed on the
basis of their impact in order to develop a proper risk mitigation strategy (Stallings et al. 2012).
Classifying the risks into different groups will help the organization mitigate the identified risks
properly and prevent it from suffering a loss of information.
The risk identification process includes the identification of the major information
security assets of the organization. These assets include the members and the confidential data
of these members that are stored in the information system of the organization (Laudon et al.
2012). This information can be targeted by an attacker and therefore needs proper protection.
The data produced by the members of the organization are another major information
asset. It is vital to protect these data present in the system, as they are developed in order to help
the different colleges and universities across the country. Therefore, it is essential to undertake a
proper risk assessment process on these information assets in order to identify the risks
associated with them (Belleflamme and Peitz 2014). Risk identification for the private and
confidential data produced by the members of the organization is to be carried out with the
highest priority.
It is the responsibility of the organization to eliminate the different risks associated with
the information system. The risks associated with the software and the networks in use within
the organization are to be identified and evaluated with the highest priority. After successful
identification of the information assets, it is essential to classify and categorize them in order to
identify the type of risk associated with each.
Classification and Categorization
The identification of the information assets within the organization is essential to
understand the type of risk the organization is exposed to. After identification of the risk, it is
essential to classify and categorize these information assets in order to understand the risks
associated with the data. Depending on the need for data protection, the risk mitigation
approach for the associated risks is then identified. The information security assets of the
organization are classified as follows (Ifinedo 2012)-
1. The personal information of the members and the funding information of A4A are a
confidential data type and are restricted to the use of the organization only. Therefore, this
information asset is at major risk and the risk should be mitigated.
2. The data stored in the information system of the organization concerning the
recruitment of members is another private and confidential data type of the organization and
should be considered for internal use only. This information is restricted to the members of the
organization (Eldardiry et al. 2013).
3. The organization works on producing assignments for the colleges and universities
across the country. The information produced is therefore for public use; however, it is
restricted to the use of the colleges and universities registered under A4A.
After proper classification and categorization of the risks, it is essential to assess the value
of the information assets so that proper risk mitigation processes can be suggested.
Value Assessment
The risk identification process for A4A includes a stage of value assessment of the
identified information assets of the organization. The value assessment will help in understanding
and determining the priority of the risk mitigation process. The impact on the information assets
is categorized on the basis of the importance of the information assets to the organization. The
impact is expressed on a scale of critical, high, medium and low (Peltier 2004). The critical ones
need immediate attention, while the low ones do not.
The importance of an information asset of the organization refers to the relative objectives
it serves within the organization. The assets that generate the most revenue or that are very
confidential are the most necessary to protect. Guidelines are to be developed on the basis of the
need or value of the information assets that need immediate protection or are in a critical state.
After proper value assessment of the information assets of A4A, it is essential to prioritize the
information assets on the basis of their importance in order to develop proper guidelines.
Prioritizing the Identified Information Assets
The information assets identified during the risk identification process need to be
prioritized in order to identify the sequence of risk mitigation. This prioritization process is
mainly based on the impact each identified asset has on the organization and on the impact on the
organization in case these information assets are compromised by attackers. The assets at a
critical level, or the assets that have the highest impact, will be given the highest priority in the
mitigation process (Peppard and Ward 2016). The guidelines developed for risk mitigation will
include secure use of these information assets, in order to eliminate the risks associated with the
process.
Identification of the threats associated with the information assets of A4A is essential in
order to mitigate them. There are a number of security risks associated with the organization. If
a member is working from outside the organization, there are many further security risks
associated with the transmission and storage of information. These include malware attacks, data
modification and unauthorized data access, which are types of active attack on the information
assets of an organization. Proper security guidelines need to be developed for the organization in
order to protect the information technology assets of A4A. Apart from this, the threat from
insiders includes the unauthorized use and circulation of the academy's data and resources within
the organization. The major threats associated with A4A are as follows (Von Solms and Van
Niekerk 2013)-
1. The internal threats due to human error
2. The malware attacks on the information system of the organization
3. The data theft and data modification
4. Unauthorized use and access to the data
5. Technical failures of the hardware and software
6. Incorrect data usage
The above list mentions the major information security threats associated with A4A.
These threats need to be assessed and mitigated properly in order to protect the confidential
information assets of the organization.
The threat assessment includes identifying the probability of occurrence of these threats
within the organization. The threats with the highest probability are expected to cause a huge
loss to the information assets of the organization. Therefore, it is the responsibility of the
organization to identify the threats with the highest probability of occurrence and the danger
they pose to the assets (Shamala, Ahmad and Yusoff 2013). This process can be carried out
strategically by identifying the causes and actions of the identified threats on the information
assets.
Once this process is done, prioritizing the threats will be easier for the organization. It is
the responsibility of the organization to prioritize these threats. Furthermore, the vulnerabilities
of the information assets need to be identified as well, in order to assess the risk in a more
strategic manner. Each threat is linked to the identified assets for its proper mitigation.
2.3. Risk Assessment
Following the risk identification process, risk assessment is necessary in order to identify
the extent of the effects of each risk. This is done from the likelihood and consequences of the
identified threats on the information assets, and it helps in determining the priority of the risks as
well. The consequence levels of the threats used in the risk assessment process include (Viduto et
al. 2012)-
1. Insignificant
2. Minor
3. Moderate
4. Major
5. Catastrophic
The likelihood level of the consequences identified for the associated risks includes-
1. Almost certain
2. Likely
3. Possible
4. Unlikely
5. Rare
Risk and threat assessment corresponding to the different information assets of the
organization will be easier to evaluate on the basis of these levels. A catastrophic threat with an
almost certain likelihood should be removed with the highest priority. Therefore, the risk
assessment process is vital for developing the guidelines for managing the information security
risks within the organization. The valuable and important assets of the organization are scaled
on the basis of the associated threats, their consequences and their likelihood. After successful
risk assessment, it is essential for A4A to consider the risk management process. Proper risk
management is essential for developing the guidelines.
2.4. Risk Management
The non-governmental organization A4A aims at developing proper guidelines for
mitigating the risks associated with the information assets of the organization. The risk
mitigation or management process includes classifying the risks on the basis of their impact on
the information assets of the organization. The level of risk can be classified as high, medium and
low.
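The risk assessment of section 2.3 (five consequence levels and five likelihood levels) and the high/medium/low classification of section 2.4 can be made concrete with a small risk register. The following Python code is an added worked example and is not part of the original report. It assumes a numeric rank for each level, a scoring rule of consequence rank multiplied by likelihood rank, and fixed bands for the high/medium/low rating; none of these are stated in the report. The register entries are constructed sample data that reuse the asset and threat names the report lists.

```python
"""Worked risk-assessment example (added illustration, not from the report).

Consequence and likelihood levels follow the five-point scales listed in
section 2.3 of the report. The numeric ranks, the score = consequence x
likelihood rule and the high/medium/low bands are assumptions made here so
that a rating can be computed; the register entries are constructed sample
data for an organization like A4A.
"""
from dataclasses import dataclass

# Five-point scales from section 2.3, ranked so that the most severe
# consequence and the most probable likelihood get the highest number.
CONSEQUENCE = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}

# Assumed bands for the high/medium/low classification of section 2.4.
HIGH_THRESHOLD = 15   # e.g. major x likely, moderate x almost certain
MEDIUM_THRESHOLD = 6  # e.g. moderate x unlikely, minor x possible


@dataclass(frozen=True)
class RiskEntry:
    asset: str          # information asset from section 2.1
    threat: str         # threat from the list in section 2.2
    consequence: str    # one of the CONSEQUENCE keys
    likelihood: str     # one of the LIKELIHOOD keys

    def score(self) -> int:
        """Risk score = consequence rank x likelihood rank (assumed rule)."""
        try:
            return CONSEQUENCE[self.consequence.lower()] * LIKELIHOOD[self.likelihood.lower()]
        except KeyError as exc:
            # Reject entries that use a level outside the report's scales.
            raise ValueError(f"unknown level {exc} in entry for {self.asset!r}") from None

    def rating(self) -> str:
        """Map the score onto the high/medium/low levels of section 2.4."""
        s = self.score()
        if s >= HIGH_THRESHOLD:
            return "high"
        if s >= MEDIUM_THRESHOLD:
            return "medium"
        return "low"


def prioritize(register):
    """Return entries ordered so the highest risk is treated first.

    Ties are broken by consequence rank, because the report says that
    critical, high-impact assets take precedence in the mitigation sequence.
    """
    return sorted(
        register,
        key=lambda e: (e.score(), CONSEQUENCE[e.consequence.lower()]),
        reverse=True,
    )


# Constructed sample register: assets and threats named in the report,
# with consequence and likelihood levels assumed for the sake of the example.
SAMPLE_REGISTER = [
    RiskEntry("Funding and donor records", "Unauthorized data access", "catastrophic", "possible"),
    RiskEntry("Member personal details", "Data theft", "major", "likely"),
    RiskEntry("Assignments in the information system", "Malware attack", "moderate", "almost certain"),
    RiskEntry("Routers and firewalls", "Technical failure", "moderate", "unlikely"),
    RiskEntry("Hard copies of assignments", "Human error", "minor", "possible"),
    RiskEntry("Recruitment records", "Incorrect data usage", "insignificant", "rare"),
]


def rating_summary(register=SAMPLE_REGISTER):
    """Map each (asset, threat) pair to its computed rating, for reporting."""
    return {(e.asset, e.threat): e.rating() for e in register}


if __name__ == "__main__":
    for entry in prioritize(SAMPLE_REGISTER):
        print(f"{entry.rating():6} {entry.score():2}  {entry.asset} / {entry.threat}")
```

Running the module prints the register in mitigation order: the "major x likely" data theft entry first, then the two entries that score 15, with the catastrophic-consequence funding record ahead of the assignment store because ties are broken on consequence. The thresholds are the part an organization would tune; the scales themselves come from the report.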