Security Management System Investigation, Report, Policy Document
VerifiedAdded on 2020/05/11
|27
|7358
|48
Report
AI Summary
This report provides a comprehensive overview of security management systems, starting with an introduction to the core responsibilities of managing organizational security, including data and information protection through risk assessment. It delves into the principles of security management, such as confidentiality, integrity, and availability, and explores methodologies used by private cloud providers. The report covers the design and implementation of security measures, addressing security issues, risks, and mitigation techniques. It also examines legal and ethical considerations, potential benefits for stakeholders, and the application of current security principles and methodologies. The report further discusses the security tools utilized for mitigation, strategies for risk reduction, security policies, human factors, and legal regulations. The conclusion summarizes the key findings and recommendations for coherent security management applications.
Running Head: Security Management
Investigation, Report, Policy Document
Investigation, Report, Policy Document
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Security Management System
Table of Contents
Introduction to the Security Management..................................................................................2
Principles of the Security Management.....................................................................................2
Methodologies of the Private Cloud Provider............................................................................3
Design........................................................................................................................................4
Implementation..........................................................................................................................5
Security Issues............................................................................................................................5
Security Risks and Mitigation Techniques................................................................................7
Legal Considerations, Standards, ethical considerations...........................................................8
Potential Benefits of the proposed Security Management for all Stakeholders.........................8
Applications of the current Security Principles and Current methodologies.............................9
Security Tools used to applied in the Mitigation Techniques..................................................10
Mitigation Techniques..........................................................................................................10
Strategies Used for Mitigation the risks of the company are:..............................................11
Security Policies.......................................................................................................................12
Human Factors, laws and Regulations for the Best Practice...................................................13
Coherent in the Security Management Application.................................................................13
Conclusion................................................................................................................................13
References................................................................................................................................15
1
Table of Contents
Introduction to the Security Management..................................................................................2
Principles of the Security Management.....................................................................................2
Methodologies of the Private Cloud Provider............................................................................3
Design........................................................................................................................................4
Implementation..........................................................................................................................5
Security Issues............................................................................................................................5
Security Risks and Mitigation Techniques................................................................................7
Legal Considerations, Standards, ethical considerations...........................................................8
Potential Benefits of the proposed Security Management for all Stakeholders.........................8
Applications of the current Security Principles and Current methodologies.............................9
Security Tools used to applied in the Mitigation Techniques..................................................10
Mitigation Techniques..........................................................................................................10
Strategies Used for Mitigation the risks of the company are:..............................................11
Security Policies.......................................................................................................................12
Human Factors, laws and Regulations for the Best Practice...................................................13
Coherent in the Security Management Application.................................................................13
Conclusion................................................................................................................................13
References................................................................................................................................15
1
Security Management System
Introduction to the Security Management
It is the core responsibility of the superior authority of the organisation that holds the
responsibility to manage the organisation security. It is necessary to ensure the system
organisational data and information as well as to protect the information by the proper risk
assessment and the purpose of having the strategic goals and the main objectives is to keep
the management secure form any vulnerable activities. The organisation generally acquire to
enable the tools used for the investing, personnel perform the business operations to meet and
identified the security needs which is mainly implemented in the organisation for the well-
designed structure of the company, it is necessary to have the proper roles and responsibilities
for the well-designed tasks as well as to have the proper mechanisms for measuring the
review and performances. It safety is not the end to the any organisation it is necessary to
have the proper suitability of the sustainable access for balancing the security in the
organisation. Safety and security management are relatively increasing in the as the one
element in the organisation to overall balance the risk management which mainly involve the
financial accountings, legal risks and the information security (Annan et al., 2012). The
relationship between the risk and security is mostly similar to the linguistic turn and to offer
the qualities being offered to address the responsibilities in the organisation in the systematic
manner. The security aid works is generally faced by the workers in the company. The
security management also introduce the domain for introducing some critical documents such
as policies, procedures and guidelines. These are generally great for the main to spell out the
importance in the organisation for managing their security practices and dealing with the
essential resources in the organisation. It mainly helps in assessing to the risks and to analyse
the threats on the resources and mainly determine where the protective mechanisms should be
used and placed. It is necessary that the employees should be trained for the security to have
an appropriate idea for having the good place for giving the training to them for practising in
2
Introduction to the Security Management
It is the core responsibility of the superior authority of the organisation that holds the
responsibility to manage the organisation security. It is necessary to ensure the system
organisational data and information as well as to protect the information by the proper risk
assessment and the purpose of having the strategic goals and the main objectives is to keep
the management secure form any vulnerable activities. The organisation generally acquire to
enable the tools used for the investing, personnel perform the business operations to meet and
identified the security needs which is mainly implemented in the organisation for the well-
designed structure of the company, it is necessary to have the proper roles and responsibilities
for the well-designed tasks as well as to have the proper mechanisms for measuring the
review and performances. It safety is not the end to the any organisation it is necessary to
have the proper suitability of the sustainable access for balancing the security in the
organisation. Safety and security management are relatively increasing in the as the one
element in the organisation to overall balance the risk management which mainly involve the
financial accountings, legal risks and the information security (Annan et al., 2012). The
relationship between the risk and security is mostly similar to the linguistic turn and to offer
the qualities being offered to address the responsibilities in the organisation in the systematic
manner. The security aid works is generally faced by the workers in the company. The
security management also introduce the domain for introducing some critical documents such
as policies, procedures and guidelines. These are generally great for the main to spell out the
importance in the organisation for managing their security practices and dealing with the
essential resources in the organisation. It mainly helps in assessing to the risks and to analyse
the threats on the resources and mainly determine where the protective mechanisms should be
used and placed. It is necessary that the employees should be trained for the security to have
an appropriate idea for having the good place for giving the training to them for practising in
2
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Security Management System
the workplace (Bulgurcu, Cavusoglu & Benbasat, 2010). The main aim of the employee is to
have the main objective and the goal to ensure the confidentiality, integrity and the
availability of the resources and assets and to the information.
Principles of the Security Management
The principles are used for the specific terminology across the field in the organisation
management. The principle has their own language for which it is closely related to the
organisation needs. The principles have the limited scope and the complexity for the enabling
to the wider space of the business populations to have the business concepts to implement in
the organisation. The basic principles of the organisation is still the same in today scenario
has not be changed. The principles had the implementation in the certain areas in the
organisation. There are various principles and the guidelines is been used for implementing in
the organisation. The principles of the organisation is based on the main theory and is been
derived into the several parts of the accessing in the organisation (Chen et al., 2013).
1. Confidentiality- This is another word used for privacy of user data. There are some
parameters which is been set at a place to ensure confidentially of sensitive user
content to save this information from reaching in wrong hands. So this is to be
ensured that this information is having only restricted access and given only to limited
users .This data can be categorized according to its sensitivity and it may not fall in
unwanted hands which may misuse it .This data is to be safeguarded and it involve
special skills training to categorizing data as well as accessing of data by authorized
users.
2. Integrity- This is to safeguard the assets along with taking care of their accuracy and
completeness. Integrity of an information means that the information collected is must
3
the workplace (Bulgurcu, Cavusoglu & Benbasat, 2010). The main aim of the employee is to
have the main objective and the goal to ensure the confidentiality, integrity and the
availability of the resources and assets and to the information.
Principles of the Security Management
The principles are used for the specific terminology across the field in the organisation
management. The principle has their own language for which it is closely related to the
organisation needs. The principles have the limited scope and the complexity for the enabling
to the wider space of the business populations to have the business concepts to implement in
the organisation. The basic principles of the organisation is still the same in today scenario
has not be changed. The principles had the implementation in the certain areas in the
organisation. There are various principles and the guidelines is been used for implementing in
the organisation. The principles of the organisation is based on the main theory and is been
derived into the several parts of the accessing in the organisation (Chen et al., 2013).
1. Confidentiality- This is another word used for privacy of user data. There are some
parameters which is been set at a place to ensure confidentially of sensitive user
content to save this information from reaching in wrong hands. So this is to be
ensured that this information is having only restricted access and given only to limited
users .This data can be categorized according to its sensitivity and it may not fall in
unwanted hands which may misuse it .This data is to be safeguarded and it involve
special skills training to categorizing data as well as accessing of data by authorized
users.
2. Integrity- This is to safeguard the assets along with taking care of their accuracy and
completeness. Integrity of an information means that the information collected is must
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Security Management System
be useful as well as complete and accurate. It helps in maintaining the integrity of
information so that only certain users are authorized and accessed that information,
and this information is altered and updated only by certain user. So in meantime
basically integrity of information can be maintained by updating security patches of
the server on which information is stored and only authorized personnel’s can alter or
delete this information when needed (Coffee, Sale & Henderson, 2015).
3. Availability- Phenomena when Information can be remotely accessed from anywhere
when demanded is known as Availability. Information of an enterprise is specified at
the time when it is required, it must be accessed quickly but sometimes it is not
available when needed or some irrelevant data is provided. Relevant hardware is
applied so that the information can be accessed by Information assurance professional
significantly .In old time’s information is secured and locked up and never allowed to
accessed by authorized users which is not evenly accessed every time required .This is
an important truth that security is compromised when accessibility comes to place. So
it is important to balance between these two aspects in information technology.
Methodologies of the Private Cloud Provider
A system and the method is been used for disclosing the private cloud computing and for
developing and deploying to the various applications being used in implementing the
methodologies in the organisation. It provides the storage capacity with the capabilities to
store wand to process the data to the data centers. Company use the cloud platform for storing
the different files and data of the company on it. Basically the security issues are being raised
by the customers regarding to the data and to the information.
There are various phases for implementing the methodologies for the security strategies and
to the cloud services. There are various sections in which the security is used for
4
be useful as well as complete and accurate. It helps in maintaining the integrity of
information so that only certain users are authorized and accessed that information,
and this information is altered and updated only by certain user. So in meantime
basically integrity of information can be maintained by updating security patches of
the server on which information is stored and only authorized personnel’s can alter or
delete this information when needed (Coffee, Sale & Henderson, 2015).
3. Availability- Phenomena when Information can be remotely accessed from anywhere
when demanded is known as Availability. Information of an enterprise is specified at
the time when it is required, it must be accessed quickly but sometimes it is not
available when needed or some irrelevant data is provided. Relevant hardware is
applied so that the information can be accessed by Information assurance professional
significantly .In old time’s information is secured and locked up and never allowed to
accessed by authorized users which is not evenly accessed every time required .This is
an important truth that security is compromised when accessibility comes to place. So
it is important to balance between these two aspects in information technology.
Methodologies of the Private Cloud Provider
A system and the method is been used for disclosing the private cloud computing and for
developing and deploying to the various applications being used in implementing the
methodologies in the organisation. It provides the storage capacity with the capabilities to
store wand to process the data to the data centers. Company use the cloud platform for storing
the different files and data of the company on it. Basically the security issues are being raised
by the customers regarding to the data and to the information.
There are various phases for implementing the methodologies for the security strategies and
to the cloud services. There are various sections in which the security is used for
4
Security Management System
implementing the security policies and controls which helps in minimizing the threats and
risks in the cloud data services where the data is been saved. It is been used in all the forms
and all types of attacks which are intruded in the database. It is based on to detect the various
types of threats, attacks and vulnerabilities for detecting into the database Coronel & Morris,
2016).
There are various steps used for implementing the security strategies for the cloud services.
1. It is used for predicting the attacks and accessing the risks to prevent the database stored in
the cloud services.
2. It is essential to know each type of threat been intruded in the database.
3. Apply the various methodologies used for implementing the techniques and tools used for
detecting the threats in the database and in the system.
4. Applying the proactive strategies which are a predefined set of the steps taken to prevent
from the attacks before they damage the whole data in the database files and to the systems.
5. Determining the various vulnerabilities and threats that specify the attacks being exploit
and discovered, current policies and controls are used and altered for implementing and
minimizing the threats.
6 It is necessary to design the contingency plan which mainly helps in developing an
alternative plan if in case the attacks penetrate from the system and to the data security or any
other assets. This plan mainly helps in restoring the databases in a timely manner (De Lange,
Von Solms& Gerber, 2016).
5
implementing the security policies and controls which helps in minimizing the threats and
risks in the cloud data services where the data is been saved. It is been used in all the forms
and all types of attacks which are intruded in the database. It is based on to detect the various
types of threats, attacks and vulnerabilities for detecting into the database Coronel & Morris,
2016).
There are various steps used for implementing the security strategies for the cloud services.
1. It is used for predicting the attacks and accessing the risks to prevent the database stored in
the cloud services.
2. It is essential to know each type of threat been intruded in the database.
3. Apply the various methodologies used for implementing the techniques and tools used for
detecting the threats in the database and in the system.
4. Applying the proactive strategies which are a predefined set of the steps taken to prevent
from the attacks before they damage the whole data in the database files and to the systems.
5. Determining the various vulnerabilities and threats that specify the attacks being exploit
and discovered, current policies and controls are used and altered for implementing and
minimizing the threats.
6 It is necessary to design the contingency plan which mainly helps in developing an
alternative plan if in case the attacks penetrate from the system and to the data security or any
other assets. This plan mainly helps in restoring the databases in a timely manner (De Lange,
Von Solms& Gerber, 2016).
5
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Security Management System
Design
The designing of the management system includes the identification of the business
requirements accessing to the likelihood and impacts of the business risks, which generally
include the implementation and designing of the security policy and selection made regarding
to the adequate counter measures for existing risks. The designing of the security
requirements generally include the basic safety standards and the procedures and processing
of the systems and transferring of the information associated with the IT system like
managing the operations and to the technical area. The organisation has the proper designing
for implementing in the security management system so as to assess the risks placed in the
management. The main aim of designing is to secure the networks for managing the risks as
effectively as possible, rather than eliminating the threats being placed in the security
administrations. A security management system should have the logging capabilities,
monitoring and watching in the organisation. The design system centrally present the
relevancy and the data related to the state of the network. The various design are been
approached to provide the suitability for resolving the problems being generated (Haddow,
Bullock & Coppola, 2017). There are concerns regarding to the technological, time related
and economic issues for the designing approaches.
Outside Expertise- Sometimes security managers are often disinclined to bring in an outside
security to maintain the organisational behaviour of the company to prevent from the
unwanted activities. So they use experts to provide specific expertise or to render an external
opinion.
Prioritization- Vulnerability and Threat Prioritization services compares with the outside
Internet risk and exploit files with user susceptibility for monitoring the data and measuring
and order liability remediation across the company. It mainly results in, including risk
bearing visualizations that are presented within dedicated business intelligence and to the
6
Design
The designing of the management system includes the identification of the business
requirements accessing to the likelihood and impacts of the business risks, which generally
include the implementation and designing of the security policy and selection made regarding
to the adequate counter measures for existing risks. The designing of the security
requirements generally include the basic safety standards and the procedures and processing
of the systems and transferring of the information associated with the IT system like
managing the operations and to the technical area. The organisation has the proper designing
for implementing in the security management system so as to assess the risks placed in the
management. The main aim of designing is to secure the networks for managing the risks as
effectively as possible, rather than eliminating the threats being placed in the security
administrations. A security management system should have the logging capabilities,
monitoring and watching in the organisation. The design system centrally present the
relevancy and the data related to the state of the network. The various design are been
approached to provide the suitability for resolving the problems being generated (Haddow,
Bullock & Coppola, 2017). There are concerns regarding to the technological, time related
and economic issues for the designing approaches.
Outside Expertise- Sometimes security managers are often disinclined to bring in an outside
security to maintain the organisational behaviour of the company to prevent from the
unwanted activities. So they use experts to provide specific expertise or to render an external
opinion.
Prioritization- Vulnerability and Threat Prioritization services compares with the outside
Internet risk and exploit files with user susceptibility for monitoring the data and measuring
and order liability remediation across the company. It mainly results in, including risk
bearing visualizations that are presented within dedicated business intelligence and to the
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Security Management System
control panel, as well as to consolidate to the other data. The Vulnerability risk is been in the
prioritization services to access through our Client Portal.
Internal Compliance- It can be defined as the process by which an organisation ensures that
the appropriate internal necessities in the company is been regulated such as legislation, rules,
guidelines, standards, codes, policies, procedures and controls are complied with (Harrer &
Wald, 2016).
Implementation
It is essential to successfully implement the design for security management of the
organisation. It is simple since the page is been facilitated by the various tools.
Figure 1 Successful Implementation of the Security Management in the Organisation
( Sourced By:https://www.google.co.in/search?
biw=1366&bih=662&tbm=isch&sa=1&q=implementation+of+the+security+in+organsa
tion&oq=implementation+of+the+security+in+organsation&gs_l=psy-
7
control panel, as well as to consolidate to the other data. The Vulnerability risk is been in the
prioritization services to access through our Client Portal.
Internal Compliance- It can be defined as the process by which an organisation ensures that
the appropriate internal necessities in the company is been regulated such as legislation, rules,
guidelines, standards, codes, policies, procedures and controls are complied with (Harrer &
Wald, 2016).
Implementation
It is essential to successfully implement the design for security management of the
organisation. It is simple since the page is been facilitated by the various tools.
Figure 1 Successful Implementation of the Security Management in the Organisation
( Sourced By:https://www.google.co.in/search?
biw=1366&bih=662&tbm=isch&sa=1&q=implementation+of+the+security+in+organsa
tion&oq=implementation+of+the+security+in+organsation&gs_l=psy-
7
Security Management System
ab.3...88446.101138.0.101538.35.30.5.0.0.0.180.3377.0j28.28.0....0...1.1.64.psy-
ab..2.7.828...0j0i24k1.0.I8JdOryvfzg#imgrc=YZsyfWY-YPxUJM:)
Security Issues
It is necessary to be aware of the importance of the security in the organisation. Security
Manager tends to provide and facilitate the security for building the security, providing
security to the employees, financial security is the main priority in the organisation.
Moreover an organisation comprises of many resources and assets that require security
mainly dependable on its IT infrastructure. The company’s management and its infrastructure
is the lifeline of the employees as their main aim is to provide the products to the customers
and to gain the profit and make money for the company. It is important to recognise the IT
infrastructure as it is the main resource and the asset for the company which requires leading
in the security (Humphreys, 2007). There are various risks that are being raised in the
organisation are:
1. Spam- This is junk unsolicited junk mail which is always sent in bulk, this is sent
even for commercial purposes. This is sent by network of some spammers which use
the virus infected systems and it complicated to track such spammers according to
stats conducted the 80% of total mails are spam's. To avoid such mails to harm your
device never click on links of such spam unsolicited mail and never download files
from spam looking mails.
2. Viruses- It is basically a malicious code and it replicates itself and creates a loop by
copying itself to any other software and breaches security it basically attacks on boot
sector of computer. This is spread by willingly or willingly by both software or
hardware attachments of the system .This is different from some worms it requires a
trigger or a human interaction to spread .This can spread from various medium like
8
ab.3...88446.101138.0.101538.35.30.5.0.0.0.180.3377.0j28.28.0....0...1.1.64.psy-
ab..2.7.828...0j0i24k1.0.I8JdOryvfzg#imgrc=YZsyfWY-YPxUJM:)
Security Issues
It is necessary to be aware of the importance of the security in the organisation. Security
Manager tends to provide and facilitate the security for building the security, providing
security to the employees, financial security is the main priority in the organisation.
Moreover an organisation comprises of many resources and assets that require security
mainly dependable on its IT infrastructure. The company’s management and its infrastructure
is the lifeline of the employees as their main aim is to provide the products to the customers
and to gain the profit and make money for the company. It is important to recognise the IT
infrastructure as it is the main resource and the asset for the company which requires leading
in the security (Humphreys, 2007). There are various risks that are being raised in the
organisation are:
1. Spam- This is junk unsolicited junk mail which is always sent in bulk, this is sent
even for commercial purposes. This is sent by network of some spammers which use
the virus infected systems and it complicated to track such spammers according to
stats conducted the 80% of total mails are spam's. To avoid such mails to harm your
device never click on links of such spam unsolicited mail and never download files
from spam looking mails.
2. Viruses- It is basically a malicious code and it replicates itself and creates a loop by
copying itself to any other software and breaches security it basically attacks on boot
sector of computer. This is spread by willingly or willingly by both software or
hardware attachments of the system .This is different from some worms it requires a
trigger or a human interaction to spread .This can spread from various medium like
8
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Security Management System
email, instant messaging and topological connections of various
computers .sometimes it may act as key logger and steals the banking details by
capturing keystrokes of users .By implementing antivirus software we can save our
network and all files and folders that could be easily corrupted or lost.
3. Malware- All Trojans, spyware and worms comes in category of malware which will
harm the system in a slow manner. It can easily attack all executable files on the
system which if connected to network infect the whole network of systems.
Categorically malware can be used for financial gain or to disrupt a system, all these
spyware worms’ botnets are having one motto that is to steal the valuable information
of users such as bank information, credit card information whenever a transaction is
done by user. Online banking details are also being stolen by these spywares.
Antivirus installation and up gradation of its security patch is only solution of this
problem.
4. Monitoring of the Networks- Monitoring the system and networks regularly is an
important task for an IT manager. It is needed to work together in the organization
to track its day-to-day tasks. If a server crashes in the workstations, then the system
gets affected and employees are unable to carry on with their work. If the networks
stop working then the repercussions will be affect the entire company, and it stops
the business processes to its production levels (Kazemi, Khajouei & Nasrabadi,
2012).
5. Scanning of the vulnerabilities and Patch Management- Scanning is necessary
for detecting and resolving the vulnerable issues, patch management and network
assessing for all security features that need to be specified and addressed when
dealing with networks. Scanning the company networks for open ports, technologies
that are susceptible to infection is the initial step to security.
9
email, instant messaging and topological connections of various
computers .sometimes it may act as key logger and steals the banking details by
capturing keystrokes of users .By implementing antivirus software we can save our
network and all files and folders that could be easily corrupted or lost.
3. Malware- All Trojans, spyware and worms comes in category of malware which will
harm the system in a slow manner. It can easily attack all executable files on the
system which if connected to network infect the whole network of systems.
Categorically malware can be used for financial gain or to disrupt a system, all these
spyware worms’ botnets are having one motto that is to steal the valuable information
of users such as bank information, credit card information whenever a transaction is
done by user. Online banking details are also being stolen by these spywares.
Antivirus installation and up gradation of its security patch is only solution of this
problem.
4. Monitoring of the Networks- Monitoring the system and networks regularly is an
important task for an IT manager. It is needed to work together in the organization
to track its day-to-day tasks. If a server crashes in the workstations, then the system
gets affected and employees are unable to carry on with their work. If the networks
stop working then the repercussions will be affect the entire company, and it stops
the business processes to its production levels (Kazemi, Khajouei & Nasrabadi,
2012).
5. Scanning of the vulnerabilities and Patch Management- Scanning is necessary
for detecting and resolving the vulnerable issues, patch management and network
assessing for all security features that need to be specified and addressed when
dealing with networks. Scanning the company networks for open ports, technologies
that are susceptible to infection is the initial step to security.
9
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Security Management System
6. Health Hazards- It basically depend on the nature and the environment of the
company where the facilities are being located, where suddenly the threat has been
incurred in this case threats can be significant security issue being faced by the
personnel.
7. Physical Security- It provides the facility to the company to be in safe mode from the
theft which mainly deals in facilitating and maintaining them to meet native, state or
federal standards for the security of the company's and to the employees.
8. Personnel Security- It aims in protecting to the security regarding to the employees
and is regularly being checked and cited for the next annoying security concern
9. Information Security- It is the best to protect for the goods of the company
proprietary information.
10. Other Issues-This type of business initiates with the company’s performance and to
the various parts of the world where the work is to be done and also generate security
issues. Global companies generally deal with the potential threats to their foreign
business travellers (Krutz& Vines, 2010).
Security Risks and Mitigation Techniques
The techniques used for mitigating the risks are highly dependable on the type of the risks.
Mitigation Strategies are being used to fill the gap and align the new business goals and
objectives to overcome form the risks and the threats. The security breach or the threat is
been detected for security analysing the software for the help and collecting of the network
logging and to the endpoint data. It mainly enables in the timeline and session analysis that
can be held for analysing and shedding the light that how the breach has occurred and in the
way the systems are affected. The company when connected to the internet is in the big risks
and in the only way is to escape and unplug the computer form the outside world. In today’s
10
6. Health Hazards- It basically depend on the nature and the environment of the
company where the facilities are being located, where suddenly the threat has been
incurred in this case threats can be significant security issue being faced by the
personnel.
7. Physical Security- It provides the facility to the company to be in safe mode from the
theft which mainly deals in facilitating and maintaining them to meet native, state or
federal standards for the security of the company's and to the employees.
8. Personnel Security- It aims in protecting to the security regarding to the employees
and is regularly being checked and cited for the next annoying security concern
9. Information Security- It is the best to protect for the goods of the company
proprietary information.
10. Other Issues-This type of business initiates with the company’s performance and to
the various parts of the world where the work is to be done and also generate security
issues. Global companies generally deal with the potential threats to their foreign
business travellers (Krutz& Vines, 2010).
Security Risks and Mitigation Techniques
The techniques used for mitigating the risks are highly dependable on the type of the risks.
Mitigation Strategies are being used to fill the gap and align the new business goals and
objectives to overcome form the risks and the threats. The security breach or the threat is
been detected for security analysing the software for the help and collecting of the network
logging and to the endpoint data. It mainly enables in the timeline and session analysis that
can be held for analysing and shedding the light that how the breach has occurred and in the
way the systems are affected. The company when connected to the internet is in the big risks
and in the only way is to escape and unplug the computer form the outside world. In today’s
10
Security Management System
business world the computer and the information is the lifeblood of the every systems and to
the organisation. It mainly takes one security breach to take your company to put into the
breach or putting the irreparable damage caused to your reputation. It is necessary to lower
down the risks being detected in the organisation so as to prevent the data files and the
information of the organisational behaviour. Developing a high level mitigation techniques
and strategies is being used for the overall approach for reducing the risk and reassessment of
the residual risks (Li Da, Xu, 2017). It mainly includes the establishing criteria for which the
evaluation of the techniques takes place for detecting the threats, vulnerabilities and the
threats associated with and concerning to the main impacts which are been identified in the
organisation. The mitigation o the risks is been implied for determining the risks and
implementing the optimal measures being used for eliminating, to plan and optimizing the
measures been taken for mitigating. Reassessment of the risks basically consist of the
remaining risks after the risks is been mitigate so as to reduce the further risks if it is been
detected and found in the organisational behaviour. There are several mitigation techniques
which are generally used for reducing the risks and are dependable on the type of the risks:
1. Risk Avoidance- It is possible to have the manager who has the authority for not
choosing or implementing the processes and procedures that can produce an upper
level of risk or obscures the group’s activity.
2. Risk Limitation- Unwanted activities can be reduced by implementing to the security
measures and procedures. When implementing is made in context of the account the
cost and benefits of the implementation.
3. Risk Transference- Risk can be common and can be shared with the different
associates or transferred to protection for the companies. This action must be taken
taking for making into consideration to the organizational risk behaviour.
11
business world the computer and the information is the lifeblood of the every systems and to
the organisation. It mainly takes one security breach to take your company to put into the
breach or putting the irreparable damage caused to your reputation. It is necessary to lower
down the risks being detected in the organisation so as to prevent the data files and the
information of the organisational behaviour. Developing a high level mitigation techniques
and strategies is being used for the overall approach for reducing the risk and reassessment of
the residual risks (Li Da, Xu, 2017). It mainly includes the establishing criteria for which the
evaluation of the techniques takes place for detecting the threats, vulnerabilities and the
threats associated with and concerning to the main impacts which are been identified in the
organisation. The mitigation o the risks is been implied for determining the risks and
implementing the optimal measures being used for eliminating, to plan and optimizing the
measures been taken for mitigating. Reassessment of the risks basically consist of the
remaining risks after the risks is been mitigate so as to reduce the further risks if it is been
detected and found in the organisational behaviour. There are several mitigation techniques
which are generally used for reducing the risks and are dependable on the type of the risks:
1. Risk Avoidance- It is possible to have the manager who has the authority for not
choosing or implementing the processes and procedures that can produce an upper
level of risk or obscures the group’s activity.
2. Risk Limitation- Unwanted activities can be reduced by implementing to the security
measures and procedures. When implementing is made in context of the account the
cost and benefits of the implementation.
3. Risk Transference- Risk can be common and can be shared with the different
associates or transferred to protection for the companies. This action must be taken
taking for making into consideration to the organizational risk behaviour.
11
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 27
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.