
ITM 527 - Mod 1 - Case - Systematically Conduct Risk...


Systematically Conduct Risk Assessments 1

Running head: HOW TO SYSTEMATICALLY CONDUCT RISK ASSESSMENTS

How to Systematically Conduct Risk Assessments of Information System Security Risks? – Fundamentals and Methods

TUI University
Mr. Necessary
Module 1: CASE #1
ITM527: IT Security and Disaster Recovery Management
Sam Biragbara
February 22, 2015
How to Systematically Conduct Risk Assessments of Information System Security Risks? – Fundamentals and Methods

In today's world, it has become virtually impossible to walk into any organization that does not have some form of Information Technology as a part of its business practices. In every organization, regardless of its industry or purpose, there is one common theme: protect the mission and the assets. With the advancement of Information Technology, we have seen a growing dependence on Information Technology to do exactly that: protect the organization's mission and assets. This article will discuss risk management topics such as the importance, principles and fundamentals of risk management; the importance and fundamentals of risk assessment; and the methods, challenges, and solutions to conducting risk assessments of Information Systems.

Importance of Risk Management for Information System Security

Before we begin diving into the wonderful world of exploring the importance of risk management and its relationship with Information Technology, we must have a strong understanding of the term 'Risk Management'. For the purpose of this article, we will be using the definition of 'Risk Management' as given in the International Organization for Standardization (ISO) publication ISO 31000:2009 – Risk Management – Principles and Guidelines. ISO 31000:2009 defines 'Risk Management' as 'coordinated activities to direct and control an organization with regard to risk' (ISO 31000:2009, 2011). In other words, it covers activities such as identifying, assessing, prioritizing and monitoring risks within the organization, and controlling those risks to minimize the potential threat or loss an organization might incur. However, not all risk is negative; risk can also be rewarding, and in that case the same activities apply, except that the organization would aim to maximize those rewards.

As the heading suggests, we will discuss the importance of risk management for Information System security. We have already covered the first half, Risk Management, and now we will discuss Information System Security. Information System Security, as defined by the National Institute of Standards and Technology, is the 'protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability' (NIST SP 800-39, 2011). In layman's terms, as current or future CIOs and IT Managers, it is the processes and procedures that are put into place in the organization to protect the
