ITC596 IT Risk Management: Risk Assessment & CISO Appointment Report

Added on 2023/04/21
Running head: IT RISK MANAGEMENT
ITC596 – IT Risk Management Assignment Two
Student Name:
University Name:
Executive Summary
This report reflects the role and importance of a risk register that lets a University measure
the impact of each identified risk. Digital security is one of the crucial elements that keep
information confidential. The risk register records each identified risk with its likelihood,
impact, score and overall consequence for the university campus, both before and after the key
controls are applied. The second section deals with a recommendation for the appointment of a
CISO; the roles and responsibilities of a CISO and its importance to an organization are also
elaborated in this report.
Table of Contents
Part One - Conducting A Risk Assessment
Option Two - Recommendations on the Appointment of a CISO (Chief Information Security Officer)
    Definition of CISO
    Roles and responsibilities of CISO
    Importance of CISO for the startup business
References
Part One - Conducting A Risk Assessment
Each entry below records the columns of the register: risk number and name, date identified, description, impact or consequences, inherent risk (Likelihood x Impact = Multiplier, with the Inherent Risk Rating), key controls in place to mitigate the risk, residual risk (Likelihood x Impact = Multiplier after the controls, with the Residual Risk Rating), mitigation action date, action owner, and date the action was completed. Likelihood and impact are scored 1 to 5; the rating bands used throughout are 6 = Low, 9 = Moderate, and 12 or more = High.

Risk 1: Cyber threats and incidents
Date identified: 20/11/2018
Description: Cyber-attacks or incidents could occur, resulting in infiltration of the University system.
Impact or consequences: Loss of business or critical information.
Inherent risk: Likelihood 4 x Impact 3 = 12 (High)
Key controls in place: Implementation of proper security measures and controls.
Residual risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Mitigation action date: 26/11/2018
Action owner: Chief Information Officer
Date action completed: 30/11/2018

Risk 2: Loss or theft of data
Date identified: 22/11/2018
Description: Data or information could be stolen or lost from the University system.
Impact or consequences: Exposure of valuable information and business processes.
Inherent risk: Likelihood 3 x Impact 5 = 15 (High)
Key controls in place: Adequate security policies and procedures for users of workstations in the University.
Residual risk: Likelihood 3 x Impact 4 = 12 (High)
Mitigation action date: 30/11/2018
Action owner: Security Advisor
Date action completed: 29/11/2018

Risk 3: Exploits related to users and the public
Date identified: 26/11/2018
Description: Exploitation of the University server could affect users of the system and expose information about the general public.
Impact or consequences: Systems will be damaged and vital information may be leaked publicly.
Inherent risk: Likelihood 2 x Impact 3 = 6 (Low)
Key controls in place: Data protection and anti-theft applications installed on the system.
Residual risk: Likelihood 2 x Impact 3 = 6 (Low)
Mitigation action date: 2/12/2018
Action owner: System Administrator
Date action completed: 5/12/2018

Risk 4: Compliance/regulatory incidents
Date identified: 3/12/2018
Description: If the University systems are not developed in line with compliance standards, there may be loopholes leading to external attacks.
Impact or consequences: Non-compliance or regulatory incidents may leave loopholes in the system, jeopardizing system security.
Inherent risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Key controls in place: Evaluation of systems against compliance and regulatory requirements.
Residual risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Mitigation action date: 5/12/2018
Action owner: Regulatory Authority
Date action completed: 5/12/2018

Risk 5: Phishing or social engineering attacks
Date identified: 30/11/2018
Description: Absence or unavailability of security measures could give phishing or social engineering attacks a way in.
Impact or consequences: Systems will be infiltrated with malware that may corrupt the system.
Inherent risk: Likelihood 3 x Impact 4 = 12 (High)
Key controls in place: Installation of antivirus and malware protection applications.
Residual risk: Likelihood 2 x Impact 3 = 6 (Low)
Mitigation action date: 3/12/2018
Action owner: System Administrator
Date action completed: 2/12/2018

Risk 6: Denial of service (DoS) attack
Date identified: 5/12/2018
Description: This type of attack makes a machine or network resource unavailable to its users.
Impact or consequences: Access to systems will be blocked for legitimate users for as long as the attack persists.
Inherent risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Key controls in place: Continuous monitoring of traffic levels and packet filtering options.
Residual risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Mitigation action date: 10/12/2018
Action owner: Network Engineer
Date action completed: 9/12/2018

Risk 7: Hacking or physical threats
Date identified: 15/12/2018
Description: A particular machine or the network may be hacked by attackers to gain control over the entire University system.
Impact or consequences: Users will not be able to perform required operations, which would hamper the business.
Inherent risk: Likelihood 4 x Impact 4 = 16 (High)
Key controls in place: Implementation of threat detection and prevention control mechanisms.
Residual risk: Likelihood 3 x Impact 4 = 12 (High)
Mitigation action date: 20/12/2018
Action owner: Administrator
Date action completed: 19/12/2018

Risk 8: Domain based threats or creation of cyber attack infrastructure
Date identified: 19/12/2018
Description: The domain used by the University server may be hijacked, or attackers could set up separate infrastructure from which to execute attacks.
Impact or consequences: Users are led to different domains or other platforms that capture their credentials.
Inherent risk: Likelihood 3 x Impact 2 = 6 (Low)
Key controls in place: Suitable encryption standards for communication and a firewall for the University server.
Residual risk: Likelihood 3 x Impact 2 = 6 (Low)
Mitigation action date: 26/12/2018
Action owner: Server Administrator
Date action completed: 26/12/2018

Risk 9: Executive threats / impersonation
Date identified: 22/12/2018
Description: This risk may arise from negligence of executives in the University, or from an unauthorized user accessing the system with duplicated credentials.
Impact or consequences: Security breach and data theft or exposure.
Inherent risk: Likelihood 4 x Impact 5 = 20 (High)
Key controls in place: Proper authorization protocols and techniques to prevent a security breach.
Residual risk: Likelihood 4 x Impact 4 = 16 (High)
Mitigation action date: 29/12/2018
Action owner: Security Manager
Date action completed: Not completed

Risk 10: Manual errors or mishandling of infrastructure
Date identified: 27/12/2018
Description: Mishandling of information or manual errors could lead to a data breach and exposure of critical information.
Impact or consequences: Leakage of information and a security gap in the infrastructure.
Inherent risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Key controls in place: Preventive measures for handling errors and proper guidelines for the use of infrastructure services.
Residual risk: Likelihood 3 x Impact 3 = 9 (Moderate)
Mitigation action date: 31/12/2018
Action owner: Employees, staff and users
Date action completed: Not completed
Table 1: Risk register for Digital Security Risks
(Source: Created by Author)
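The register above is a 5x5 likelihood-impact matrix applied twice per entry, once before and once after the key control. The following script, added here as an illustration and not part of the original report, scores the ten entries of Table 1 the same way and then runs the checks a reviewer would apply before accepting such a register: that no residual score exceeds its inherent score, that every listed control actually moves the score, and that no High residual risk is left with an open action. The band thresholds (scores up to 6 are Low, 8 to 10 Moderate, 12 and above High) are an assumption inferred from the ratings the table assigns; the report states no explicit scale. Control descriptions are abbreviated, and the completion flag is derived from the "Not completed" entries.

```python
"""Risk register scoring and review (added example, not part of the report).

Each entry scores Likelihood x Impact on 1..5 scales, before controls
(inherent) and after controls (residual), as in Table 1. Band thresholds
are an ASSUMPTION inferred from the table's own ratings (6 -> Low,
9 -> Moderate, 12 -> High): the report states no explicit scale.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Risk:
    number: int
    name: str
    likelihood: int           # inherent, 1..5
    impact: int               # inherent, 1..5
    control: str
    res_likelihood: int       # after the key control, 1..5
    res_impact: int           # after the key control, 1..5
    owner: str
    completed: bool


def score(likelihood: int, impact: int) -> int:
    """The register's Multiplier column: likelihood x impact, each 1..5."""
    for v in (likelihood, impact):
        if not 1 <= v <= 5:
            raise ValueError(f"scale value {v} outside 1..5")
    return likelihood * impact


def band(value: int) -> str:
    """Rating band for a 1..25 score (thresholds assumed, see module docstring)."""
    if value >= 12:
        return "High"
    if value >= 8:
        return "Moderate"
    return "Low"


def assess(risk: Risk) -> Dict[str, object]:
    """Inherent and residual score/rating for one register entry."""
    inherent = score(risk.likelihood, risk.impact)
    residual = score(risk.res_likelihood, risk.res_impact)
    return {
        "number": risk.number, "name": risk.name,
        "inherent": inherent, "inherent_rating": band(inherent),
        "residual": residual, "residual_rating": band(residual),
        "reduction": inherent - residual,
    }


def review(register: List[Risk]) -> List[str]:
    """Checks a reviewer runs before accepting a register.

    Flags: residual above inherent (the control column is mis-scored);
    a control that leaves the score unchanged (no measured effect, so the
    'mitigation' is unsupported); a High residual whose action is still open.
    """
    findings = []
    for r in register:
        a = assess(r)
        if a["residual"] > a["inherent"]:
            findings.append(f"risk {r.number}: residual {a['residual']} exceeds inherent {a['inherent']}")
        elif a["reduction"] == 0:
            findings.append(f"risk {r.number}: control '{r.control}' leaves the score at {a['inherent']}")
        if a["residual_rating"] == "High" and not r.completed:
            findings.append(f"risk {r.number}: residual High and action open (owner: {r.owner})")
    return findings


def rank(register: List[Risk]) -> List[Dict[str, object]]:
    """Entries ordered by residual score, then inherent score, highest first."""
    return sorted((assess(r) for r in register),
                  key=lambda a: (a["residual"], a["inherent"]), reverse=True)


# The ten entries of Table 1 (values transcribed from the report's register; control text abbreviated).
REGISTER = [
    Risk(1, "Cyber threats and incidents", 4, 3, "security measures and controls", 3, 3, "Chief Information Officer", True),
    Risk(2, "Loss or theft of data", 3, 5, "workstation security policies", 3, 4, "Security Advisor", True),
    Risk(3, "Exploits related to users and the public", 2, 3, "data protection / anti-theft software", 2, 3, "System Administrator", True),
    Risk(4, "Compliance/regulatory incidents", 3, 3, "compliance evaluation of systems", 3, 3, "Regulatory Authority", True),
    Risk(5, "Phishing or social engineering attacks", 3, 4, "antivirus and malware protection", 2, 3, "System Administrator", True),
    Risk(6, "Denial of service (DoS) attack", 3, 3, "traffic monitoring and packet filtering", 3, 3, "Network Engineer", True),
    Risk(7, "Hacking or physical threats", 4, 4, "threat detection and prevention", 3, 4, "Administrator", True),
    Risk(8, "Domain based threats", 3, 2, "encryption standards and firewall", 3, 2, "Server Administrator", True),
    Risk(9, "Executive threats / impersonation", 4, 5, "authorization protocols", 4, 4, "Security Manager", False),
    Risk(10, "Manual errors or mishandling of infrastructure", 3, 3, "error-handling guidelines", 3, 3, "Employees, Staff and Users", False),
]

if __name__ == "__main__":
    for a in rank(REGISTER):
        print(f"{a['number']:>2} {a['name']:<48} inherent {a['inherent']:>2} ({a['inherent_rating']})"
              f"  residual {a['residual']:>2} ({a['residual_rating']})")
    for line in review(REGISTER):
        print("FINDING:", line)
```

Run against Table 1, the review flags five entries (risks 3, 4, 6, 8 and 10) whose listed control leaves the score exactly where it was, and risk 9, which is still rated High after its control and has no completed action. Those are the rows a risk owner should be asked to justify: either the control has no effect and should not appear as a mitigation, or the residual scores were never re-assessed.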
The above table presents the Digital Security risks identified for the University; recording them in this form supports the mitigation of each issue.
Managing Digital Security risks is essential for the University because it lets its business operations run efficiently. Each identified risk has to be
mitigated effectively so that critical business information remains safe and secure. Most of the identified risks fall into the operational category, but they may also be
considered technical risks that could materialize at any time within the University. Personal and other vital information of students and staff may be leaked through external attacks or phishing.
The growth in digital information also increases the information security exposure, since the systems holding that information are targets for cyber-attacks. Implementing
proper security measures will ensure the security of the information stored in University systems. Monitoring and routine checks have to be implemented
in the University so that external threats and attackers pose less of a risk. Access-control protocols will be implemented so that only authorized persons can
access the system and operate it as required. Further, backup and recovery options have to be in place so that information can be restored in
case of error or misuse of data. The security of the information held by the University is of the utmost importance, both to the business and to the people associated with the University.
Vital information about employees, staff and students has to be kept secure, because exposure of that data would damage the University's reputation and business value. Hence,
mitigation actions have to be applied in time to resolve the issues the University faces. Proper adoption and implementation of security policies and procedures supports
the University's business. Moreover, encryption standards should be applied to communication and packet transmission so that data remains
confidential against external threats and attacks.
Option Two - Recommendations on the Appointment of a CISO (Chief Information Security Officer)
Definition of CISO
The Chief Information Security Officer (CISO) is a senior-level executive who takes responsibility for
developing and implementing the information security program and security operations of a business
organization. The information security program includes the policies and procedures required to protect
internal communication and system assets from both external and internal threats (Hooper & McKissack, 2016).
The CISO also works alongside the Chief Information Officer (CIO) when procuring cyber security products
and services, and plays an active role in managing disaster recovery, application resilience and data
backup, business continuity planning and similar functions.
Depending on the organization, the CISO may instead carry the title of chief security architect, security
manager or corporate security officer. The CISO is distinct from the CIO: the CIO owns the organization's
information technology as a whole, while the CISO owns its security. In small organizations a single person
may hold both roles, and in many organizations the CISO reports to the CIO, in others directly to the chief
executive or the board. All security-related and digital-information-related issues are identified and
resolved by the CISO, who may also be given responsibility for physical security where required (Collette,
Gentile & August, 2016). Because the security of information technology is maintained jointly by the CIO
and the CISO, both need to understand how the confidentiality of an organization's information and data can
be maintained. The CISO is expected to know how to handle a disruptive situation by establishing business
continuity plans. To bring business and technology knowledge together, the CISO reports to the senior
leadership of the business.
Roles and responsibilities of CISO
To maintain the security of a business organization, the qualities a CISO should possess include the
following:
Management ability
Ability to produce strategic management plans
Professional communication and writing skills
Sound knowledge of regulatory and legislative requirements
Demonstrated competence and experience in the information security field
CISOs are also responsible for strategic planning, policy planning and information security auditing,
and they assist in development, maintenance, strategic improvement and risk management planning. Over the
last decade the hybrid or dual role, in which the CIO also carries the security mandate, has been examined
repeatedly, and appointing such a combined role has become a trend in business organizations. Business
transformation initiatives and similar approaches are also driven by the CIO. Whoever holds the security
mandate is responsible for ensuring that the company's IT security is not compromised, so a CIO in the dual
role should have sufficiently strong IT knowledge to keep the financial details of employees and consumers
confidential. To develop further business strategies and priorities, the CIO should assign roles to the
allocated employees.
Personnel and credibility issues are resolved as the CIO fulfills the assigned roles and responsibilities.
The end of a project does not mean that the CIO's responsibility is closed, because the CIO remains
responsible for continuous improvement planning. Besides hard technical skills, they should have strong
soft skills and communication skills to motivate other employees and consumers. With changing times the
responsibilities of CIOs also keep changing. Besides being leaders, they act as improvers, influencers,
transformers and inspirers: as improvers, CIOs can increase business efficiency by reducing overall capital
investment; as transformers and influencers, they can respectively transform the business environment and
influence their coworkers.
Rather than reacting to security challenges, data breaches or other security incidents after they occur,
the CISO is expected to anticipate new threats and work actively to prevent them. CISOs need to work
collaboratively with the other executives across departments to make sure that the security systems work
appropriately and reduce the operational risks the company faces from external and internal security
threats (Maynard, Onibere & Ahmad, 2018). Other responsibilities of the CISO include raising security
awareness among employees through training, developing secure business and communication practices, and
defining security objectives with metrics. The CISO's core duties also include ensuring that the company's
data privacy obligations are met, and conducting digital discovery and digital forensic investigations.
Importance of CISO for the startup business
From the roles and responsibilities stated above, the overall responsibility of a CISO is substantial, and
that is precisely why a dedicated individual is necessary for the startup business. Appointing a CISO is a
strategic move that allows customers and partners to be managed with confidence (Allen et al., 2015). It
lets stakeholders see that the business cares about their security, even though incidents may still occur
through security failures. One major reason to appoint a CISO for the startup business is to align the
present situation of the business with its IT infrastructure. Recruiting a CISO lets the business focus on
customers and other business operations rather than worrying about keeping information safe and secure. The
CISO manages the security of organizational information efficiently and effectively so that business
functions can be carried out without disruption. The CISO also plays an important role in maintaining
collaboration between IT managers and other employees where information security is concerned. Valuable
business information, together with customer and employee information, is secured by the CISO to support
the growth of the business (Karanja & Rosso, 2017). Decisions on security policies and procedures are taken
by the CISO, so that other employees do not have to be involved, which in turn eliminates wasted resources
in the business.
References
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
Allen, J. H., Crabb, G., Curtis, P. D., Fitzpatrick, B., Mehravari, N., & Tobar, D. (2015). Structuring the chief information security officer organization (No. CMU/SEI-2015-TN-007). Carnegie Mellon University, Pittsburgh, PA.
Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138-151.
Cavelty, M. D., & Mauer, V. (2016). Power and security in the information age: Investigating the role of the state in cyberspace. Routledge.
Collette, R., Gentile, M., & August, T. D. (2016). The CISO Handbook: A Practical Guide to Securing Your Company. Auerbach Publications.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.
Hooper, V., & McKissack, J. (2016). The emerging role of the CISO. Business Horizons, 59(6), 585-591.
Karanja, E., & Rosso, M. A. (2017). The Chief Information Security Officer: An Exploratory Study. Journal of International Technology and Information Management, 26(2), 23-47.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Publishers.