COIT20263 Information Security: Risk Management for Smart Software


Added on 2023/04/21
Executive summary
Smart Software Pty Ltd is an information technology organisation in Melbourne that develops and implements customised software for Australian businesses. Its information technology team is assigned to control and manage information security risks and issues as part of its operations. The aim of this report is to analyse the concept of information security risk, and to apply information security risk management principles and information security certification and accreditation to the Smart Software organisation. The report describes the information security risks faced by Smart Software, and strategies to overcome them and improve the performance of its networks. Finally, an information security certification and accreditation plan is set out and discussed.
Table of Contents
Introduction...........................................................................................................................................3
Discussion..............................................................................................................................................3
Principles of information security risk management.........................................................................3
Ethical issues due to mishandling of information resources..............................................................5
Steps that need to be taken to prevent security breach...................................................................5
Ways to identify information asset....................................................................................................6
Risks associated with leakage of information asset.......................................................................7
Information security-Risk control strategies......................................................................................7
Information security certification and accreditation to the smart software organization...............10
Initiation and planning.................................................................................................................10
Certification.................................................................................................................................10
Accreditation...............................................................................................................................11
Continuous monitoring................................................................................................................11
Conclusion...........................................................................................................................................11
References...........................................................................................................................................13
Introduction
Information security management consists of a set of policies and rules used to secure all confidential and sensitive information. The security system is used to minimise risk and to assure business continuity by making sure that security breaches do not occur. In this report, Smart Software Pty Ltd is considered; it is one of the leading software companies situated in Melbourne. Risk plans are developed so that sensitive information about the company remains confidential, available and with its integrity intact. The company builds software in a customised way and each team has its defined role. A security management system is important for this organisation because there are large numbers of files and documents that need to be protected. To resolve all the security consequences, strategic plans need to be developed so that security parameters are met and information remains protected.
Discussion
Principles of information security risk management
There are numerous principles of information security risk management which are
described below:
Accept that there will always be uncertainty: risks associated with information security are not always predictable and cannot be eradicated. This principle helps staff and users to know that they can ask for help, admit what they do not know, and seek advice from trusted sources.
Build a security risk management system: managing security risks is not easy or simple, so the company should develop a risk management system to manage all of its time, processes and data.
Understand the types of risks: it is very important to understand and identify the risks and issues associated with information security. This involves the impact of risks on security, the key factors that increase risks and issues, and more.
Appreciate fully how risks and issues are being managed: once the IT team has a clear view of the risks faced by Smart Software, the management team needs to decide how they are going to deal with those risks and issues. It is very crucial to evaluate how well they are doing at managing the risks associated with information security.
Identify and recognise the limitations of risk management strategies and approaches: Smart Software should evaluate the limitations of its security policies and technology, and adopt solutions that can help it manage risks and issues.
Control and direct the things the IT team does to manage risk: the actions the team takes in response to identified risks need to be governed to ensure they are consistent with the organisation's objectives and priorities.
Check the security tools and technologies used to manage security risks: the management team needs to have confidence that the technologies and tools it uses are working properly and manage all the risks and issues associated with information security.
A framework needs to be designed so that the risks faced by Smart Software Pty Ltd can be reduced. A framework can be defined that mitigates the risk and offers security of data. The ORM framework is one that can be used for reducing the risk (Pawlak and Mikołaj, 2016). The first step of this framework is to identify the risk and make sure that it does not penetrate deep into the system (Marhold, Hartmut, 2016). The aim of this framework is to make sure that privacy is maintained (Dimensiondata, 2016). The security channels are also controlled by checking that only authorised and valid users access the information. Data packets are transmitted over a network that is secure.
The framework works in a step-by-step manner. The first step is establishing the context and designing the framework by understanding the organisation's behaviour as well as its risk management behaviour. The next step is identifying the risk and understanding how and why it happened. The last step is assessing the risk by determining the control parameters and then determining the consequences (Pawlak and Mikołaj, 2016). If no risk is found, the system is monitored and then reviewed again regularly. If a risk is identified, treatment and evaluation options are created so that proper implementation and treatment plans are generated (Mawdsley and Jocelyn, 2017). The risk is monitored on a regular basis so that it does not affect other operations and processes.
Ethical issues due to mishandling of information resources
In the case of Smart Software Pty Ltd, if information is not handled correctly by staff it can cause a security breach. It is important to handle resources correctly so that personal information does not get leaked. The loss of information or sensitive data can be a loss for the organisation in terms of its financial condition and brand image. From the case study it was found that the development team is responsible for designing code and software, so it is important to protect this code from hacking (Braun, Aurel, 2018). The IT team has access to all the files and documents, so a proper access control list should be defined so that only valid users can access the information. It was found that a few of the team members work from home, so a proper tracking system and firewalls need to be installed so that information remains secure (Ab Rahman and Choo, 2015). Appropriate engineering tools and licensed software should be used so that security management practices can be developed.
Steps that need to be taken to prevent security breach
Smart Software Pty Ltd faces various issues that can cause security breaches, so the organisation should take steps to ensure that information is secure and is not mishandled. Some of the steps that should be taken to prevent unethical issues are:
- The information should be stored on a protected network.
- Information should be downloaded from certified networks only, and unauthorised users should be restricted from accessing the data (Harbeson and John, 2015).
- Smart Software uses open source software, but all software should be licensed so that the risk of hacking is reduced.
- Passwords should be strong so that they cannot be leaked and data is not misused or modified.
- An IT team should be hired for the company so that attacks can be identified and steps taken accordingly (Haufe, Colomo-Palacios, Dzombeta, Brandis and Stantchev, 2016). It is the responsibility of the IT team to keep an eye on all suspicious activities so that measures can be taken.
- Apart from that, security policies should also be designed so that an access control list can be prepared accordingly. The access control list of Smart Software Pty Ltd contains the list of users who can access the information in an authorised way so that information is not leaked.
- Files should be encrypted so that they are not in a readable form, and the information cannot be accessed even if the data is leaked (Chen, Ramamurthy and Wen, 2015).
- The other step that could be taken is keeping personal work separate from professional work, since mixing the two increases the chance of information leakage.
- Apart from that, software as well as desktops should be updated regularly so that viruses do not hit the system (Ho, Hsu and Yen, 2015). Keeping track of and updating the system decreases the chance of bugs in the system.
- Information should also be backed up so that even if a system failure occurs the information is not lost (Günther, 2017). Firewalls and anti-virus software should be installed so that every data file remains protected.
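The access control list described in the steps above can be expressed as data that is checked on every request. The following is an added example, not code from the report or from Smart Software: it implements a deny-by-default access control list in which only an explicit rule grants an action, remote (work-from-home) sessions are blocked from asset classes marked on-site only, and every decision is written to an audit trail the IT team can review. The teams, asset classes and rules are constructed to match the report's case study and are assumptions.

```python
"""Deny-by-default access control list with an audit trail.

Added example, not from the report. Teams, asset classes and rules are
constructed to match the report's case study (development team owns source
code, the financial manager owns finance documents, the IT team administers
systems, some staff work from home); none of it is a real Smart Software policy.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Subject:
    user: str
    team: str             # "development", "finance" or "it"
    remote: bool = False  # True when the session comes from a home connection


@dataclass
class AccessControlList:
    # (team, asset_class) -> set of permitted actions; anything absent is denied
    rules: dict = field(default_factory=dict)
    # asset classes that must never be reached from a remote session
    onsite_only: set = field(default_factory=set)
    # every decision is recorded so the IT team can review suspicious activity
    audit: list = field(default_factory=list)

    def allow(self, team, asset_class, *actions):
        self.rules.setdefault((team, asset_class), set()).update(actions)

    def check(self, subject, action, asset_class):
        """Return True only when an explicit rule grants the action."""
        permitted = self.rules.get((subject.team, asset_class), set())
        allowed = action in permitted
        reason = "explicit rule" if allowed else "no matching rule (default deny)"
        if allowed and subject.remote and asset_class in self.onsite_only:
            allowed, reason = False, "remote session blocked for on-site-only asset"
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": subject.user, "action": action,
            "asset": asset_class, "allowed": allowed, "reason": reason,
        })
        return allowed

    def denied_events(self):
        """Entries the IT team should look at: every refused request."""
        return [e for e in self.audit if not e["allowed"]]


def build_policy():
    """Constructed policy for the case study's teams and assets."""
    acl = AccessControlList()
    acl.allow("development", "source_code", "read", "write")
    acl.allow("finance", "finance_docs", "read", "write")
    acl.allow("it", "source_code", "read")
    acl.allow("it", "finance_docs", "read")
    acl.allow("it", "server_config", "read", "write")
    acl.onsite_only.add("finance_docs")   # never served to home connections
    return acl


if __name__ == "__main__":
    acl = build_policy()
    acl.check(Subject("alice", "development"), "write", "source_code")        # allowed
    acl.check(Subject("alice", "development"), "read", "finance_docs")        # denied
    acl.check(Subject("bob", "finance", remote=True), "read", "finance_docs")  # denied
    for event in acl.denied_events():
        print(event["user"], event["action"], event["asset"], "->", event["reason"])
```

The point of the default-deny shape is that adding a new team or asset class grants nothing until someone writes a rule for it, and the audit list is the raw material for the "keep an eye on suspicious activities" step: a burst of denied events for one user is exactly what the IT team should be alerted on.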
Ways to identify information asset
The company uses many assets to meet its objectives, and it is important to identify these assets so that communication can be empowered. One of the important information assets of Smart Software Pty Ltd is the set of files prepared by the development team, as they contain the code for software development. Other information assets are the documents prepared by the financial manager. The plans that employees need to follow, and the work plan, are also considered important information assets. If this information is leaked it can cause loss (Kong and You, 2015). All information assets should be kept securely so that unauthorised users cannot access the information (Elmaghraby and Losavio, 2014).
In the case of Smart Software Pty Ltd, all the software and the information set should be protected, as it can be hacked by other companies offering the same service. The other important information is the database, which covers a large amount of data on past and future plans. These assets need to be protected so that privacy and integrity are maintained. The data centre is another important asset for an organisation; the data centre should be protected, otherwise it can cause financial loss for the company (Kong and You, 2015). If information is leaked it can cause false branding of the company by breaking trust.
Risks associated with leakage of information asset
The issue linked with information assets is a security breach that causes loss of privacy. If data is accessed by an unauthorised user it can cause a security breach and loss of sensitive data. Risks should be monitored and tracked by top managers so that no bugs enter the system. Monitoring all the processes increases effectiveness and reduces the risk. The risks that will be seen if information is leaked are financial loss for the organisation as well as damage to its reputation (Elmaghraby and Losavio, 2014). A further risk of information leakage is that if criminals gain access to the data they can modify it and might use it in a wrong manner. It can cause incorrect data processing and careless disposal of data (Eling, 2018).
Information security-Risk control strategies
The risk control strategies form a step-by-step process: defend, transfer, mitigate, accept and terminate. Risk can be prevented by removing the vulnerabilities that threats would otherwise exploit. Threats are identified and access is limited to authorised users (Rawat and Bajracharya, 2015). Common methods used to mitigate the risk are training and application policy.
An incident response plan defines the actions that need to be taken to mitigate the risk. A business continuity plan encompasses continuity of business operations even if the system fails. Risks need to be predicted so that proper steps can be taken in times of unpredictability (Simpson, 2017). Information security risk management is the process of managing the risk linked with information technology (Safa, Sookhak, Von Solms, Furnell, Ghani and Herawan, 2015). The steps taken are identifying, assessing and treating the risk so that integrity, confidentiality and availability are maintained.
Briefly analysing the stages of information security risk management:
- The first step is identifying the assets and checking the requirements so that integrity problems can be resolved. Vulnerabilities need to be identified so that they cannot be used to penetrate the system.
- Threats need to be identified so that all of them can be addressed. The management plan assures that unauthorised users are not able to access the information. Defining an access control list assures that only valid users access the information.
The purpose of this security risk management is to remove threats by identifying them and controlling them. Once the risk has been analysed it can be mitigated by making use of firewalls and anti-virus software (Safa, Sookhak, Von Solms, Furnell, Ghani and Herawan, 2015). Apart from that, all the information of Smart Software Pty Ltd should be protected; that is, it should remain encrypted so that even if it is accessed by an unauthorised user the sensitive information remains secure. Some of the information security policies that should be used by the company are:
- An acceptable use policy needs to be designed so that unauthorised users are prohibited from accessing the information, which helps keep the resources secure.
- A confidential data policy should also be used by the company so that only members of the team are able to access the data.
- The other policy that needs to be designed is an authentication policy, which helps in making sure that only valid users have made changes (Sadeghi, Wachsmann and Waidner, 2015).
- The other policy is a network security policy, which is important as it makes sure that all communication that takes place between employees is secure and is not read by any third party (Sadeghi, Wachsmann and Waidner, 2015).
Smart Software is a leading software company that develops customised software for clients, so it is important to protect its information. One such way is cryptography, which is considered an important tool as it makes sure that information is not leaked to third parties. It encodes the data and code in a form that cannot be read by humans. It is also recommended to take proper backups of information so that it can be recovered in times of system failure. This helps in maintaining integrity, confidentiality and availability. The system may be laden with unpatched vulnerabilities (Neumann, 2016). Passwords should not be saved in browser caches and cookies so that the company does not face any kind of vulnerability.
An in-house IT team needs to be set up so that it remains aware of all access. The other step that could be taken is optimum implementation. A secure virtual private network needs to be established to ensure that financial status can be tracked. A two-step verification method should be used so that users' identities can be checked (Tsohou, Karyda and Kokolakis, 2015).
The risk management process is a step-by-step process used to identify risk by analysing all the processes. Risk is identified in every department, that is, development, IT and others. Once a risk is identified it is analysed and solutions are found so that it does not occur. It is also important to prioritise risks on the basis of their impact; the one with the most severe impact on the system is dealt with on a priority basis (Van den Berg, et al., 2014). Then the risk is treated by the IT team so that it does not pose a longer-term threat to the project. Effective training and learning are also offered so that resources can be managed efficiently (von Solms, 2015). The risk management process helps in monitoring threats so that they do not cause harm to the business.
In Smart Software Pty Ltd, risk assessment is an important process for analysing threats. It is important to identify threats because they can cause harm to an organisation. It helps in managing the revenue and reputation of the organisation. By effectively analysing the organisation's risk, it protects the assets and improves decisions so that optimal operational efficiency can be achieved. Risk evaluation compares the organisation's risk with already established criteria (Van den Berg, et al., 2014). Implementing this risk evaluation saves on overall cost and meets legal requirements.
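The process just described (identify, analyse, prioritise by impact, treat, then evaluate against established criteria) and the five control strategies named earlier (defend, transfer, mitigate, accept, terminate) can be carried through on a small risk register. The following is an added example, not the report's or Smart Software's own method: it scores each constructed risk as likelihood multiplied by impact, ranks the register most severe first, and maps each risk to one of the five strategies using a risk appetite threshold. The four-level scale, the threshold value, the decision rules and the sample risks are all assumptions made for illustration.

```python
"""Risk register with likelihood x impact scoring and treatment selection.

Added example, not part of the report. The five treatment strategies (defend,
transfer, mitigate, accept, terminate) are the ones the report names; the
scoring scale, thresholds, decision rules and sample risks are constructed
assumptions for illustration only.
"""
from dataclasses import dataclass

# Qualitative scale used for both likelihood and impact (assumption)
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str            # a key of LEVELS
    impact: str                # a key of LEVELS
    transferable: bool = False  # e.g. insurable or can be outsourced to a provider
    avoidable: bool = False     # the activity creating the risk can simply be stopped

    @property
    def score(self):
        return LEVELS[self.likelihood] * LEVELS[self.impact]


def choose_strategy(risk, appetite=4):
    """Map a scored risk to one of the report's five control strategies.

    `appetite` is the 'already established criteria' the risk is compared
    against: anything at or below it is accepted. The remaining rules are an
    assumption chosen so that each strategy is reachable.
    """
    if risk.score <= appetite:
        return "accept"
    if risk.avoidable and risk.impact == "critical":
        return "terminate"          # stop the activity rather than protect it
    if risk.transferable:
        return "transfer"           # move the financial consequence elsewhere
    if LEVELS[risk.likelihood] >= 3:
        return "defend"             # likely to happen: stop the threat up front
    return "mitigate"               # unlikely but serious: limit the damage


def prioritise(register):
    """Return (risk, strategy) pairs, most severe first; ties keep input order."""
    ranked = sorted(register, key=lambda r: (r.score, LEVELS[r.impact]), reverse=True)
    return [(r, choose_strategy(r)) for r in ranked]


def sample_register():
    """Constructed risks loosely modelled on the case study's assets."""
    return [
        Risk("source code repository", "theft by a competitor", "medium", "critical"),
        Risk("finance documents", "leak via home workstation", "high", "high"),
        Risk("customer database", "ransomware", "medium", "critical", transferable=True),
        Risk("public website", "defacement", "low", "low"),
        Risk("legacy FTP server", "unpatched service exploited", "high", "critical",
             avoidable=True),
    ]


if __name__ == "__main__":
    for risk, strategy in prioritise(sample_register()):
        print(f"{risk.score:>2}  {strategy:<9}  {risk.asset}: {risk.threat}")
```

Running the block ranks the unpatched legacy server first and shows why "terminate" is a legitimate outcome: when an asset is both critical-impact and dispensable, decommissioning it removes the risk more cheaply than any control. The threshold in `choose_strategy` is the single place where the organisation's agreed risk appetite enters the process, which is what makes the evaluation repeatable across departments.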
The last step of this information security plan is designing policies so that risk can be minimised. It avoids extended risk as well as risk financing. An information security plan is implemented in companies to achieve success. The goal of information security starts from logical security, which can be achieved by controlling the access paths and avoiding security breaches (Marhold, Hartmut, 2016). Logical controls help in maintaining authentication and the distribution of information. Security audit processes are used to verify access control. Authorisation is important in an IT company, as it is used to design the access control system (Safa and Von Solms, 2016). Rights are given only to valid users so that information is not leaked or changed by unauthorised users. Smart Software Pty Ltd has implemented network security perimeter solutions so that no modifications are made by unauthorised users. Thus, a security implementation plan assures that security is maintained.
Information security certification and accreditation to the smart software organization
There are four major phases of certification and accreditation to control and manage information security risks, which are described below:
- Initiation and planning
- Certification
- Accreditation
- Continuous monitoring
Initiation and planning
This is the initial stage of the certification and accreditation process, where the information system owner (Smart Software) and the designated information security officer initiate the C&A process by acknowledging that a C&A is needed to control and monitor information security risks. It is very crucial because the C&A process is a huge undertaking that needs substantial resources, and it also involves complete information about the security policies and strategies used to reduce information security risks. The C&A process is responsible for compiling C&A documents such as a security plan and developing a risk assessment. Based on the results of the risk assessment, any risk which cannot be removed is recorded in the plan of action, which is reviewed by the certifying authority.
Certification
In this phase, a group of independent auditors works through the C&A package and audits the information system with the help of a checklist to control risks and issues. Once the auditors' work is complete, they assemble a formal package with the outcomes of their evaluation and provide a recommendation to the certifying authority on the certification-worthiness of the scheme.
Accreditation
In this phase, the certifying authority reviews the completed C&A package to validate that all of the needed information is contained within it before making an accreditation decision. Once they have reviewed the final C&A package, they provide a determination to accept any non-remediated issues before granting accreditation.
Continuous monitoring
Continuous monitoring is one of the best processes that Smart Software can use to control and maintain process compliance and to handle issues faced by the company during the communication process. The information system security officer uses intrusion detection technology, syslogs and the change management process to control and manage unauthorised changes and risks that occur at Smart Software. With the help of this process, Smart Software can identify any configuration change that impacts the performance of the system. Moreover, the information security system and federal agencies can perform an annual audit to ensure that information security has maintained its compliance baseline.
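The monitoring step above, combining syslog records with the change management process to catch unauthorised configuration changes, can be made concrete with a small check. The following is an added example and is not code from the report or from Smart Software: it parses privileged-command lines in syslog format, keeps only those that look like configuration changes, and reports every change that does not fall inside an approved change window for that host and user. The log lines, hostnames, users, command patterns, ticket numbers and the assumed log year are all constructed sample data.

```python
"""Flag configuration changes that have no approved change record.

Added example, not from the report. It models the report's continuous
monitoring step: privileged commands recorded in syslog are compared with the
approvals produced by the change management process, and any configuration
change without a matching approval is reported for the IT team to investigate.
Log lines, hostnames, users, ticket numbers and the log year are constructed.
"""
import re
from datetime import datetime

# Constructed syslog-style lines: "<timestamp> <host> <program>: <message>"
SAMPLE_SYSLOG = """\
Mar 03 09:12:41 build01 sudo: alice : COMMAND=/usr/bin/systemctl restart nginx
Mar 03 09:15:02 build01 sudo: alice : COMMAND=/usr/bin/vim /etc/nginx/nginx.conf
Mar 03 11:40:17 fileserver sudo: bob : COMMAND=/usr/sbin/useradd tempadmin
Mar 03 11:41:03 fileserver sudo: bob : COMMAND=/usr/sbin/usermod -aG sudo tempadmin
Mar 03 13:05:55 db01 sshd: Accepted publickey for carol from 10.0.4.21 port 52110
Mar 03 22:18:09 db01 sudo: carol : COMMAND=/usr/bin/vim /etc/ssh/sshd_config
"""

# Constructed approvals from the change management process:
# (host, user, window start, window end, ticket)
APPROVED_CHANGES = [
    ("build01", "alice", "Mar 03 09:00", "Mar 03 10:00", "CHG-0042"),
    ("db01", "carol", "Mar 03 13:00", "Mar 03 14:00", "CHG-0043"),
]

LOG_YEAR = 2024  # classic syslog timestamps carry no year; assumed for the sample
SUDO_RE = re.compile(
    r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) sudo: (\S+) : COMMAND=(.*)$")
# Commands treated as configuration changes (an assumption for the example)
CHANGE_PATTERNS = [r"/etc/", r"\buseradd\b", r"\busermod\b", r"\bsystemctl\b"]


def _parse_time(text, fmt):
    return datetime.strptime(f"{LOG_YEAR} {text}", f"%Y {fmt}")


def parse_change_events(log_text):
    """Extract privileged commands that look like configuration changes."""
    events = []
    for line in log_text.splitlines():
        match = SUDO_RE.match(line)
        if not match:
            continue  # not a sudo record (e.g. an sshd login), skip it
        stamp, host, user, command = match.groups()
        if any(re.search(p, command) for p in CHANGE_PATTERNS):
            events.append({"time": _parse_time(stamp, "%b %d %H:%M:%S"),
                           "host": host, "user": user, "cmd": command})
    return events


def matching_ticket(event, approvals):
    """Ticket id of an approval covering this host, user and time, else None."""
    for host, user, start, end, ticket in approvals:
        if host != event["host"] or user != event["user"]:
            continue
        window_start = _parse_time(start, "%b %d %H:%M")
        window_end = _parse_time(end, "%b %d %H:%M")
        if window_start <= event["time"] <= window_end:
            return ticket
    return None


def unapproved_changes(log_text=SAMPLE_SYSLOG, approvals=APPROVED_CHANGES):
    """Change events with no approval: the list handed to the IT team."""
    return [e for e in parse_change_events(log_text)
            if matching_ticket(e, approvals) is None]


if __name__ == "__main__":
    for e in unapproved_changes():
        print(f"UNAPPROVED {e['time']:%b %d %H:%M:%S} {e['host']} "
              f"{e['user']}: {e['cmd']}")
```

On the sample data the two account changes on the file server are flagged because no ticket covers them at all, and the late-evening edit of the SSH daemon configuration is flagged even though its author holds a ticket, because the edit falls outside the approved window. That second case is the one a plain "is this user allowed to sudo" check would miss, and it is the reason the report pairs syslog review with the change management process rather than relying on either alone.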
Conclusion
It can be concluded from this report that an information security plan and a risk assessment plan are important for every organisation. In this report, the case study of Smart Software Pty Ltd is considered; it is a software company that has many clients all over the world. The company's information is quite sensitive and it is important to maintain its integrity and confidentiality. Various issues arise for the company if information is not handled correctly. Thus, various steps are discussed so that security breaches can be minimised. The important information assets are analysed and ways to mitigate the risk are discussed. The information assets of the company are also listed, and ways are found through which risk can be mitigated. One of the risk management frameworks is also discussed, describing how it secures the network. An information security plan can be implemented in many forms. One such policy is encapsulating the information so that it is not visible to everyone. It can be concluded that this framework is used to identify and fill the gap between objectives. It ensures that a proper communication link is established that helps in identifying the