Information governance, management and security Student ID W14046379 Module ID LI0812 - Information governance management and security Andrew Rice


Information governance, management and security
Andrew Rice
Student ID: W14046379
Module ID: LI0812
16th September 2015

Andrew Rice Student ID: W14046379 Information Assets Module ID: LI0812 Page 1 of 38
Abstract

This assignment provides an overview of risk pertaining to the running of a small property development company. It identifies the information assets that the risks could compromise and a sample of the treatment plan proposed for those risks. Having undertaken this assignment, I have developed an understanding of just how detailed risk management can become and an appreciation of the effort involved for successful implementation of information governance. It certainly is not a subject that should be taken lightly, as it can save the business in terms of money and reputation from significant damage. The report provides a critical assessment of the risk management technique applied and assessment of the people, systems and process involved in information governance.

Acknowledgements

I would like to acknowledge Herbert Daly for helping us broaden our thinking on this subject, Sean Milford for layout and styling, and my wife for putting up with me and reviewing my work.

Table of Contents

Abstract
Acknowledgements
Introduction
Inventory of information assets (20%)
Value of Information Assets
Importance of the Information Asset Register
Risk Management (50%)
Roles and responsibilities in risk assessment
Risk assessment
Impact of compromise – security profile
Impact Assessment
Identified risks
Proposed Risk Treatment Plan
Summary
Risk Assessment Report
Treatment strategies by size of company
Domino effect of a security breach
Information Governance and legal requirements
People, processes and systems in record management
Conclusion(s)
References
Appendices
Appendix A – Abbreviations
Appendix B – Examples of typical threats

Table 1: Information Assets Register
Table 2: Roles and responsibilities
Table 3: Impact assessment
Table 4: Threat impact matrix
Table 5: Business Impact Categories and Associated Scoring Values
Table 6: Risk Treatment Options
Table 7: Risk heat map

Figure 1: Gartner valuation models
Figure 2: ISO27005 Risk management process
Figure 3: Risk treatment plan
Figure 4: Domino effect of a security breach

Report Section Word Count – 1817 (Excluding cover, tables, references etc.)

Introduction

Statement of the issue we are about to address

Inventory of information assets (20%)

The intention of this inventory is to capture the information assets and the properties pertaining to those assets that are required to support a growing property development company. This company is based in the UK and governed by UK law and EU directives including amongst others. directive