Smart Software Pty Ltd: InfoSec Risk Management and Ethical Practices

Added on  2025/04/08

Executive summary
Smart Software Pty Ltd develops customized software for its clients and relies on a range of information resources to become a leading brand in the market. These information resources are exposed to various types of security risk. To keep them secure, policies and plans need to be reviewed and security management practices need to be upgraded. This report discusses several ethical issues, measures to address them, the company's information assets, and their management in the working environment.
WEEK 5
Ethical issues in the company’s environment
Smart Software Pty Ltd. holds numerous information resources that support its business growth in the information technology field: the code developed for software projects, details of the user interfaces used, marketing information and the technology used, clients' information, project management documents and so on. All of this information must be kept confidential and protected from security risks to the company. Various legal and ethical issues can arise: if these information resources fall into the wrong hands, the result can be fraud, harm to the company, identity theft and so on, and clients will lose their trust in Smart Software Pty Ltd. From small businesses to large companies, everyone faces ethical issues that arise from hiring employees, dealing with them and firing them. Some of the ethical issues related to the mishandling of the company's information are:
Employee behavior and legal issues due to discrimination: Unethical behavior by employees in the working environment can create various security risks. For example, discriminating against employees on the basis of gender or religion when deciding promotions can lead to unethical behavior on their part and increases the possibility of data breaches at employees' hands. Through these data breaches, the company's technology and information are leaked, which in turn damages the reputation and market sales of the software (Leonard, 2018).
Accounting practice ethics: The accounts team in Smart Software Pty Ltd can engage in various unethical accounting practices. Performing any practice that violates the laws and ethics of business leads to serious problems for the business. It creates distrust among the clients who are interested in software developed by the company.
Fundamental issues of customer relations: The most fundamental issues faced by Smart Software are trust and integrity. Treating every client fairly and building trust with them is the basis of integrity. When clients are exposed to an unfair environment and unethical business practices, this directly affects the business growth of Smart Software Pty Ltd (Oster, 2018).
Hiring and dealing with employees: When hiring employees to develop software code for the company, or for any department, proper practices and procedures should be followed. Hiring unethical people can lead to security breaches, with confidential data leaked through that employee's unethical behavior towards Smart Software's environment. Proper identity checks and verification of previous employment should be carried out.
Paying employees unequally: Even though several laws have been implemented regarding worker wages, the problem of unequal pay based on gender and caste still persists in many companies. An ethical dilemma arises if Smart Software Pty Ltd also does this to its employees. It will result in unethical behavior by employees towards the organization and lead to information leakage through different departments. This problem must be eliminated through proper practices and procedures followed by the higher authorities of Smart Software Pty Ltd (Lister, 2018).
Termination issues of employees: Sometimes the firing of employees also creates issues related to confidential information in the business environment. When an employee is fired, the employee's access to the company's information systems must be disabled and the organization must ensure a friendly departure; otherwise there is a chance that the employee will leak the company's confidential information to competitors.
References
Lister, J. (2018), Top Ethical Issues Facing the General Business Community, viewed 19 January 2019, https://smallbusiness.chron.com/top-ethical-issues-facing-general-business-community-25417.html
Leonard, K. (2018), Examples of Ethical Issues in Business, Smallbusiness.chron.com, viewed 19 January 2019, https://smallbusiness.chron.com/examples-ethical-issues-business-24464.html
Oster, K. (2018), List of Ethical Issues in Business, viewed 19 January 2019, https://smallbusiness.chron.com/list-ethical-issues-business-55223.html
WEEK 6
Measures for the ethical issues in the company
Smart Software Pty Ltd. is a software development company, so information about its software and technology, the identities of its employees, its clients' information and so on is all highly sensitive. A proper security plan, whether for network security or any other prevention system, must therefore be built by Smart Software to prevent unethical information handling practices by staff members. Some security measures are given below:
Yield the data: The first step towards preventing security risks to the company's information is knowing where the sensitive information is and which parts of it are most sensitive. Smart Software's private information about its software and strategies must be tracked by talking to the sales, management and information technology departments. Who has, or could have, access to which information is analyzed in order to prevent any unethical data handling by employees.
Filtering out: Following the principle of least privilege, Smart Software must ensure that each employee can access only those information resources that are essential for their particular job. Access to information beyond that is harmful to the organization (Ftc.gov, 2016).
Physical Security: Paper documents and files that are confidential to Smart Software must be locked in a secured room to which untrusted employees do not have access. Computer systems must also be properly locked. These practices protect confidential data from mishandling by an untrusted employee.
Network Security: Proper firewalls and antivirus software must be run regularly on the systems to guard against data breaches. Proper encryption and authentication must be provided for sensitive software development information. Preventing remote access protects the company's sensitive information from unauthorized access by an untrusted employee (Berry, 2018).
Employee training: Training employees in information security is a must for Smart Software. This means making sure employees know the company's policies, teaching them about the danger of phishing, and imposing disciplinary measures when the security policy is violated (Wheeler, 2009).
Disposing of information: If information is no longer needed by the company, effective means of disposing of paper records and documents must be available in the workplace to prevent unauthorized access to, and mishandling of, that information by any staff member of Smart Software Pty Ltd. Wiping utility programs must be installed to securely erase information from portable systems that are no longer in use.
Policies and legal actions: In the event of a data breach or any unauthorized or illegal activity by a staff member of Smart Software Pty Ltd., legal action must be taken against that person so that the remaining staff members think twice before engaging in any illegal or unethical practice that would harm the company's reputation.
References
Ftc.gov. (2016), Protecting Personal Information: A Guide for Business, viewed 19 January 2019, https://www.ftc.gov/system/files/documents/plain-language/pdf-0136_proteting-personal-information.pdf
Wheeler, K. (2009), How to Avoid Unethical Practices, viewed 19 January 2019, https://www.ere.net/how-to-avoid-unethical-practices/
Berry, M. (2018), Network Security: Top 5 Fundamentals, viewed 19 January 2019, http://www.itmanagerdaily.com/network-security-fundamentals/
Week 7
Information assets in the Smart Software Pty Ltd
An information asset is a body of knowledge that is organized and managed as a single entity; here, it contains the managed and organized data of Smart Software Pty Ltd. Like other types of asset, the information assets of a software organization have financial value. That value strengthens the relationship among the responsible persons of Smart Software Pty Ltd, who will use this information to address security-related problems within the organization (Rouse, 2018).
Information assets may, however, have a short lifecycle. With the help of these information assets, Smart Software Pty Ltd can readily identify a number of risks. The information assets comprise a number of factors: procedures, information and data, people, networking, hardware and software elements. Smart Software Pty Ltd must identify these factors without pre-judging the assets' values. The values of these factors must be assigned later in the process. The information assets identified in Smart Software Pty Ltd are given below:
People or Members Assets of Smart Software Pty Ltd organization:
The people or members of Smart Software Pty Ltd act as an information asset for the organization. This information asset contains the external and internal personnel risk management components. With its help, Smart Software Pty Ltd can readily identify a number of risks that can affect the growth of the business. This information asset plays a vital role in risk identification and management within Smart Software Pty Ltd.
Networking Assets:
The networking asset contains network-related information about the network devices of Smart Software Pty Ltd. With the help of this asset, the organization can readily identify a number of risks that arise from the networking devices of the software development business. The networking information asset plays a vital role in risk identification and management within Smart Software Pty Ltd.
Software Assets:
The software asset contains detailed information about all the software used by Smart Software Pty Ltd to develop its systems and projects. This information is critical for the business. Information on software assets must be kept confidential.
Databases Assets:
The database asset contains all the information about product marketing, product sales, finance, customers, and the personal information of the business organization. This information asset will be used by the higher authorities of Smart Software Pty Ltd (Networkmagazineindia, 2018).
References:
Rouse, M. (2018), What is information asset? - Definition from WhatIs.com., viewed 19 January
2019, https://whatis.techtarget.com/definition/information-assets
Networkmagazineindia. (2018), Identifying and classifying assets - Secured View - Asset
Classification and Control - Network Magazine India. viewed 19 January 2019,
http://www.networkmagazineindia.com/200212/security2.shtml
Week 8
Information Security risks within the information assets of Smart Software Pty Ltd
Information security threats or risks exploit the vulnerabilities or weaknesses of the information assets of Smart Software Pty Ltd, and the organization can suffer financial and other types of losses. Information security risks must therefore be identified by the organization, and Smart Software Pty Ltd identifies its information security threats or risks on the basis of its information assets (Sotnikov, 2018). These threats or risks also affect the organization's reputation in the market. The information security threats or risks identified by Smart Software Pty Ltd are given below:
Information security threats in People asset:
Members of the organization can expose the private information of Smart Software Pty Ltd and reveal trusted information of the business. That will affect the reputation and profit level of the organization. These threats occur when a trusted member of the company places trust in strangers from other organizations. To address this risk, a privacy policy and authentication must be used to control access to the organization's information.
Information security threats in Networking assets:
In networking assets, a number of information security threats or risks can occur, such as technical hardware errors or failures, malware attacks and other types of risk. As a result of these threats, the information in networking assets can be destroyed, which affects the services of the organization. To address these risks, a number of risk management components can be used, i.e. cloud-based components, local area networking components and other types of network components.
Information security threats in Software Assets:
Different types of information security threats or risks can occur in the software assets of Smart Software Pty Ltd. These can be technical software errors or failures, software attacks, technological obsolescence and other types of software issue. The information in software assets can be affected through viruses, macros, DDoS attacks and other techniques. If outdated software is used in the organization, it also affects this type of information asset. To address this type of issue, a good-quality operating system, application software and security components can be used by Smart Software Pty Ltd.
Information security threats in Databases Assets:
This information asset also faces a number of information security threats, such as theft of the organization's data, and other risks. As a result of these risks, Smart Software Pty Ltd will lose business and profits relative to competitors. To address this issue, a proper data sharing method must be used by Smart Software Pty Ltd (essaytown, 2018).
References:
Sotnikov, I. (2018), Identify and Prioritize Information Security Risks, viewed 19 January 2019,
https://blog.netwrix.com/2018/01/04/identify-and-prioritize-information-security-risks/
essaytown. (2018), Thesis: Risk Identification in Information Security, viewed 19 January 2019,
https://www.essaytown.com/subjects/paper/risk-identification-information-security/
Week 9
The risk management framework(s) that could be adopted to manage the InfoSec risks in Smart
Software Pty Ltd.
The management of risks in the field of Information Technology (IT) is known as InfoSec Risk Management (ISRM). Risk management involves the identification, treatment, analysis, evaluation and assessment of risks that can harm the assets, resources or reputation of the organization. It is an important component of an organization's security, protecting the integrity, availability and confidentiality of its valuable resources and assets.
The identification step of risk management involves identifying significant crown assets, threats, controls, and vulnerabilities.
The assessment step brings together all the data and information collected in the identification step and analyzes and evaluates it to gain a deeper understanding of risks and vulnerabilities.
Risk can be defined by an equation: Risk = (asset value × vulnerability × threat) – security controls
The treatment step involves the implementation of control measures and the transference, acceptance, mitigation, and avoidance of risks.
After all the above steps have been performed to manage risks in the organization, continuous diagnostics and the implementation of necessary modifications to existing measures help the organization avoid security breaches.
An InfoSec Risk Management Framework (ISRMF) can be adopted by organizations to mitigate IT risks. These frameworks define a group of tested and working practices and procedures to be followed by organizations to eliminate certain risks and vulnerabilities. Examples of a few frameworks are:
National Institute of Standards and Technology (NIST) is one of the most renowned frameworks. It follows the principle that elimination of risk is not possible; rather, risks must be managed. The NIST framework involves classification of security targets (NIST SP 800-60), selection of security measures (NIST SP 800-53), implementation of selected measures, analysis of measures (NIST SP 800-53A), authorization of information systems (NIST SP 800-37), and diagnostics and reporting of security state (NIST SP 800-137 and SP 800-53A) (Broughton, 2017).
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) is also a widely accepted framework. The latest version of the OCTAVE framework is known as Allegro. This framework treats the environment, information systems, and applications as containers. Identification and assessment of risks are performed across these containers.
Control Objectives for Information and Related Technology (COBIT) framework RISK IT is a risk management framework created by the Information Systems Audit and Control Association (ISACA). COBIT's RISK IT covers all the IT operations and risks involved in business continuity, development, information systems, security and so on (Rouse and Fredsall, 2015).
International Standard Organization (ISO) 27001, ISO 27002, ISO 27005. These frameworks are similar to the NIST framework. ISO 27005 includes the steps: establishment of context; identification and approximation of risk, which includes an examination of vulnerabilities, threats and security controls; and analysis of risk, which involves discussion, reporting, and documentation of threat impact and likelihood and its impact on the business. It is customizable according to the requirements of a particular business.
Committee of Sponsoring Organizations (COSO) is an efficient framework for internal control measures. It defines five important components for attaining the organization's objectives and goals. These components are Control Activities, Monitoring, Communication and Information, Controlling environment of organization, and Assessment of risk and vulnerabilities. The risks are analyzed at different levels on a routine basis and monitored continuously (Cruz, 2016).
References
Cruz, S. (2016), What are the Five Components of the COSO Framework, viewed 19 January 2019, https://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-the-coso-framework
Rouse, M. and Fredsall, A. (2015), COBIT 5 (Control Objectives for Information and Related Technology 5), viewed 19 January 2019, https://searchcompliance.techtarget.com/definition/COBIT-5-Control-Objectives-for-Information-and-Related-Technology-5
Broughton, K. (2017), Realizing an information security risk management framework, viewed 19 January 2019, https://swimlane.com/blog/information-security-risk-management-framework/
Conclusion
In this assessment, we have discussed various matters related to Smart Software Pty Ltd. The company can face various ethical issues in its working environment that result from staff members mishandling important and sensitive information about the company. We have also discussed various practices that need to be implemented to prevent this unethical information handling and to protect sensitive data, in order to maintain the company's reputation and its clients' trust. Several information assets have also been introduced in this report, which structure the information Smart Software holds about its projects. The different risks to these information assets have been introduced as well, together with the management techniques for ensuring the company's data security so that it retains its reputation and its clients' trust.