Information Assurance and Risk Management: Security Compliance Report

Added on  2022/10/11

AI Summary
This report delves into the realm of Information Assurance and Risk Management, focusing on the crucial aspects of security compliance and organizational metrics to evaluate the effectiveness of an information assurance program. It emphasizes the development of organizational policies and operational metrics to ensure a comprehensive, functional, and strategically aligned program, particularly within the HR department. The report dissects operational readiness metrics, including management and technical readiness, and explores operational practice and environment metrics. It also highlights the significance of risk assessment, security metrics, and their role in achieving high-quality services, continuous improvement, and informed decision-making within an organization, ensuring that security and information assurance remain top priorities.
Running head: INFORMATION ASSURANCE AND RISK MANAGEMENT
INFORMATION ASSURANCE AND RISK MANAGEMENT
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Objective of Operational Metrics
Conclusion
Reference
Introduction
This paper focuses on security compliance and organisational metrics for evaluating the
efficacy of an organisation's information assurance program. It helps to develop the
organisational policy and the operational metrics that ensure the information assurance
program is comprehensive, functional and strategically aligned with the organisation's
compliance goals (Brotby 2016). Assurance means establishing trust in how the system is
developed, which conveys confidence to clients. Organisations face difficulties in security
engineering with the measures and metrics that can demonstrate that a hardware and software
system is secure. The purpose of this paper is to identify information assurance metrics that
may help the organisation meet its objectives for its security mechanisms. It focuses on an
organisational scenario in which the security of the HR department is inadequate and further
security provisions are needed for the information assurance program to be effective. The
concept of security metrics consists of identifying product evaluation criteria, developing a
risk assessment methodology, and qualifying the strength of information assurance.
Operational metrics are end-to-end measures of operational support in the organisation.
Their purpose within the organisation's security program is to monitor the work environment,
check the security program and evaluate the operational readiness of the organisation, and
thereby show how effectively the organisation is being provided with information assurance.
The need for security in the HR department can be established with the help of operational
readiness metrics (Cho 2016). Operational metrics for information assurance fall into three
categories:
Operational readiness metrics
Operational practice metrics
Operational environment metrics
1. Operational readiness metrics- operational readiness metrics are derived from the
traditional military measures of combat readiness. The information assurance of an
organisation is measured by assessing the performance of units and individuals in their
assigned jobs; in the HR department, for example, each manager's performance is checked and
evaluated to scrutinise its effectiveness from a security standpoint, to establish whether the
HR department's system is operating properly (DiMase 2015). Readiness measures are either
self-assessed internally or assessed externally by third parties: issues in the HR department
are evaluated internally, or by a third party engaged by the organisation to verify the
correctness of the various HR functions. Given an adequate architecture for securing the
systems and ensuring the correctness of the network in place, operational readiness metrics
are classified as management-readiness related and technical-readiness related.
1.A. Management Readiness Metrics- these measure management's support for the information
security process in the organisation. They cover commitment, personnel, risk management and
resource management by HR personnel, for example in protecting intellectual property
(Houngbo 2015). These are static metrics, mainly questionnaire-based assessments, and are
generated chiefly by reviewing organisational policies and procedures with respect to
operations and by interviewing management personnel. For example, the frequency of training
and development or of performance appraisals for employees helps to evaluate whether the
department is functioning correctly. This is also known as an operational procedure exercise.
1.B. Technical Readiness Metrics- these measure the readiness of the technical support that
affects the organisation's ability to provide information assurance while performing its
operations. For the HR department this includes whether operations such as producing pay
slips or evaluating employee performance function accurately. Technical readiness
measurements may be static or dynamic; risk assessment and vulnerability analysis fall under
the static measurements (Jacobs 2015). Whether the HR department holds accurate records of
employee performance matters because inaccurate records can leave an employee underpaid or
appraised late, which affects productivity, and an efficient employee who is not appraised at
the right time may lose value for the organisation (Yuan 2016). Information Assurance
Vulnerability Alerts (IAVA) need information assurance metrics for determining and tracking
the vulnerabilities found in technical resources; this keeps the system effective and its
remediation status up to date. Dynamic technical readiness assessments are practical
exercises that put the organisation in adversarial situations (Kotenko 2014). Threat-based red
team efforts introduce a task force that identifies information assurance vulnerabilities. For
example, the Information Design Assurance Red Team (IDART) methodology helps to estimate the
probability of a successful attack and identifies the assumed time and cost used for the
analysis.
2. Operational practice metrics- these measure the security practices of the people who are
directly or indirectly affected by the organisation's information assurance system. If the HR
department lags in security and information about employee appraisals or other confidential
information leaks outside the department, it may create serious conflicts (Kott 2015), and
may tempt employees to hack the security system for departmental information, leading to
unfair acts if the information is not secured in time. These metrics help the organisation to
assess the culture and climate that affect its productivity, and to make management and
employees aware of organisational policy and of socio-ethical issues. For example, one metric
is the number of users with portal access whose passwords comply with the local password
management security policy.
3. Operational environment metrics- these measure the security relevance of the operational
environment, including threats from the external environment that can affect the organisation
directly or indirectly. One such threat arises when a labour union pressures management into
recruiting a particular candidate who is not competent for the job (Kotenko 2014); this
scenario can arise when the security system is weak and can result in conflict between
management and the labour union over allegedly unfair practices by management. For example,
one metric is the number of systems susceptible to a specific penetration technique.
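To make the three metric families concrete, the following added example (written for this
edit; it is not part of the original paper and is not any real IAVA tooling) computes one
metric from each family over constructed sample data: the share of hosts that remediated each
vulnerability alert by its due date (technical readiness), the share of users whose
credentials satisfy the local password policy (operational practice), and the hosts
susceptible to one named penetration technique (operational environment), each compared
against an assumed acceptable baseline. The alert identifiers, host names, users, password
policy and baseline values are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

# All alert IDs, hosts, users, the policy and the baselines below are constructed for this example.


@dataclass(frozen=True)
class Alert:
    """One IAVA-style vulnerability alert: the hosts it applies to and the remediation due date."""
    alert_id: str
    affected: frozenset
    due: date


@dataclass(frozen=True)
class Host:
    name: str
    remediated: dict        # alert_id -> date the fix was applied; missing key = still open
    exposed_to: frozenset   # penetration techniques the host is known to be susceptible to


@dataclass(frozen=True)
class User:
    name: str
    pw_length: int
    pw_age_days: int
    mfa_enabled: bool


# Assumed local password management policy and assumed acceptable baselines.
PASSWORD_POLICY = {"min_length": 14, "max_age_days": 90, "mfa_required": True}
BASELINES = {"iava_on_time": 0.90, "password_compliance": 0.95, "max_exposed_hosts": 0}


def iava_remediation(alerts, hosts, today):
    """Technical readiness, per alert: hosts fixed by the due date and hosts still open past it.
    A host fixed after the due date counts as neither on time nor overdue (closed late)."""
    by_name = {h.name: h for h in hosts}
    report = {}
    for a in alerts:
        on_time, overdue = 0, []
        for name in sorted(a.affected):
            fixed = by_name[name].remediated.get(a.alert_id)
            if fixed is not None and fixed <= a.due:
                on_time += 1
            elif fixed is None and today > a.due:
                overdue.append(name)
        report[a.alert_id] = {"on_time": on_time, "total": len(a.affected), "overdue": overdue}
    return report


def iava_on_time_ratio(alerts, hosts, today):
    """Aggregate technical readiness: share of (alert, host) pairs remediated by the due date."""
    report = iava_remediation(alerts, hosts, today)
    fixed = sum(r["on_time"] for r in report.values())
    total = sum(r["total"] for r in report.values())
    return fixed / total


def password_compliance(users, policy=PASSWORD_POLICY):
    """Operational practice: share of users whose credentials satisfy the local policy,
    plus the reasons each failing account fails."""
    failures = {}
    for u in users:
        reasons = []
        if u.pw_length < policy["min_length"]:
            reasons.append("too_short")
        if u.pw_age_days > policy["max_age_days"]:
            reasons.append("expired")
        if policy["mfa_required"] and not u.mfa_enabled:
            reasons.append("no_mfa")
        if reasons:
            failures[u.name] = reasons
    return (len(users) - len(failures)) / len(users), failures


def exposed_hosts(hosts, technique):
    """Operational environment: hosts susceptible to one specific penetration technique."""
    return sorted(h.name for h in hosts if technique in h.exposed_to)


def against_baselines(alerts, hosts, users, today, technique):
    """True where a metric meets its baseline, False where it falls short."""
    ratio, _ = password_compliance(users)
    return {
        "iava_on_time": iava_on_time_ratio(alerts, hosts, today) >= BASELINES["iava_on_time"],
        "password_compliance": ratio >= BASELINES["password_compliance"],
        "exposure": len(exposed_hosts(hosts, technique)) <= BASELINES["max_exposed_hosts"],
    }


# Constructed sample data for a small HR environment.
TODAY = date(2022, 10, 11)
ALERTS = [
    Alert("IAVA-EX-001", frozenset({"hr-web", "hr-db", "hr-fs"}), date(2022, 9, 30)),
    Alert("IAVA-EX-002", frozenset({"hr-web", "hr-fs"}), date(2022, 10, 20)),
]
HOSTS = [
    Host("hr-web", {"IAVA-EX-001": date(2022, 9, 20), "IAVA-EX-002": date(2022, 10, 5)}, frozenset()),
    Host("hr-db", {"IAVA-EX-001": date(2022, 10, 3)}, frozenset({"sql-injection"})),
    Host("hr-fs", {}, frozenset({"smb-relay"})),
]
USERS = [
    User("alice", 16, 30, True),
    User("bob", 10, 120, False),
    User("carol", 14, 45, True),
    User("dave", 20, 95, True),
]
```

Running `against_baselines(ALERTS, HOSTS, USERS, TODAY, "sql-injection")` on this data reports
all three metrics below their baselines: only two of five alert/host pairs were fixed on time
(hr-fs is overdue on the first alert), only half of the users comply with the password policy,
and hr-db is exposed to the named technique. The point of the per-alert and per-user
breakdowns is that a metric reported only as a ratio tells management the department is
behind, while the breakdown tells the technical staff which host or account to act on.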
Objective of Operational Metrics
The main objectives of operational metrics are:
- to provide efficiency, consistency and high-quality services, with continuous improvement
in customer experience;
- to provide reports that show whether the organisation is succeeding in identifying areas
for improvement;
- to improve services, promote value and ease the work of the IT function with accurate
reports for analysis;
- to determine acceptable baselines for the operational security metrics.
Two activities support the last of these:
Risk Assessment- security risk management involves identifying, analysing, treating and
monitoring risk, and the risk assessment process is the main part of this for the business.
Management information can be at risk and needs to be monitored regularly. The
Risk-to-Mission assessment process helps the HR department to analyse risk, and a risk
assessment methodology is designed for HR operations. The self-documenting methodology gives
management a better understanding of the relevance of technical risk (Le 2017), since
technical risk can have immense effects on business processes. If information about a
promotion becomes known to employees, it may create a severe problem when an employee feels
the decision is wrong: the employee may react by breaking company rules or bullying the
colleague who is to be promoted, creating a negative impression among other employees, who
may then not follow management's orders or value its decisions.
Security Metrics- security metrics are key to an organisation fulfilling its responsibility
for managing and securing its information systems. A metric measures the relevant data that
satisfies the needs of decision makers (Whitman 2014). Security metrics can be developed to
align better with the level of implementation and the scope of the organisation's security,
exposing policies whose implementation has not been addressed or fulfilled.
These metrics are effective for the parties involved in operating security controls in the
following ways:
- The objective of performing regular assessments is to determine the efficacy of security
programs. It is important to understand the reliability of programs, compliance issues and
security gaps, and to check whether security technology is producing results or sitting as
shelfware.
- The metrics help to gain regular support for the program. They justify funding and help the
organisation's information security teams to evaluate regularly and to support the business.
The evaluation is based on the performance of the existing security system and the impact of
security controls.
- The firm continually invests in new technology, which is then monitored to confirm that it
performs as the firm expects. Security metrics for such investments are not always easy to
calculate (Lu 2013), but the effort promotes several measures that demonstrate the
effectiveness of security controls.
- These metrics are resources that can protect the organisation's assets from risk.
Conclusion
This paper concludes that identity management is only one area of information assurance
that has helped the organisation to improve the functioning of its security programs. Doing
so ensured that the security and information assurance of the organisation are managed and
maintained as its highest priority. The paper has also shown the importance of metrics for
security management and information assurance.
Reference
Brotby, W. K., & Hinson, G. (2016). Pragmatic security metrics: applying metametrics to
information security. Auerbach Publications.
Cho, J. H., Hurley, P. M., & Xu, S. (2016, November). Metrics and measurement of
trustworthy systems. In MILCOM 2016-2016 IEEE Military Communications
Conference (pp. 1237-1242). IEEE.
DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework
for cyber physical security and resilience. Environment Systems and Decisions, 35(2),
291-300.
Houngbo, P. J., & Hounsou, J. T. (2015). Measuring information security: understanding and
selecting appropriate metrics. International Journal of Computer Science and
Security (IJCSS), 9(2), 108.
Jacobs, S. (2015). Engineering information security: The application of systems engineering
concepts to achieve information assurance. John Wiley & Sons.
Kotenko, I. V., & Doynikova, E. (2014). Evaluation of Computer Network Security based on
Attack Graphs and Security Event Processing. JoWUA, 5(3), 14-29.
Kotenko, I., & Doynikova, E. (2014, April). Security assessment of computer networks based
on attack graphs and security events. In Information and Communication Technology-
EurAsia Conference (pp. 462-471). Springer, Berlin, Heidelberg.
Kott, A., Wang, C., & Erbacher, R. F. (Eds.). (2015). Cyber defense and situational
awareness (Vol. 62). Springer.
Le, N. T., & Hoang, D. B. (2017). Capability maturity model and metrics framework for
cyber cloud security. Scalable Computing.
Lu, T., Guo, X., Xu, B., Zhao, L., Peng, Y., & Yang, H. (2013, September). Next big thing in
big data: the security of the ICT supply chain. In 2013 International Conference on
Social Computing (pp. 1066-1073). IEEE.
Whitman, M., & Mattord, H. J. (2014). Information security governance for the non-security
business executive.
Yuan, X., Yang, L., Jones, B., Yu, H., & Chu, B. T. (2016). Secure software engineering
education: Knowledge area, curriculum and resources. Journal of Cybersecurity
Education, Research and Practice, 2016(1), 3.