Saturday, April 20, 2019
Security Risk Assessment and Audit into the connection of the internal Essay
Security Risk Assessment and Audit into the connection of the internal network with the Internet - Essay Example

Information confidentiality is maintained by preventing unauthorized persons from accessing vital system information. Integrity concerns preventing that information from being manipulated by external sources. Data should also be available for use when required by the relevant parties and not hoarded by other system resources. It is thus fundamental to protect these aspects of data in order to ensure that information within an organization is secure.

In order to ensure appropriate protection of information within an organization, it is vital that the mission statement and the charter be defined for reference. The mission statement outlines the overall goals that the information security program within the organization seeks to achieve and provides guidelines necessary for strategic direction. The charter, on the other hand, avails provisions for the specific rights and privileges granted to the security team members by the organization.

1.2 Justification for use of a security metrics program

A security management program cannot be complete without the use of security metrics (Dexter, 2002). These are used to show the changing maturity of an information security program over time. The combination of metrics and reporting tools can be used to display the results and outcomes of past investments in information security and to guide decisions for future information systems.

2.0 IT Security Management

IT security risk management is considered a series of steps that are undertaken to ensure the safety of information within an organization. It is a continuous function that begins from the point of assessment and runs right down to implementation. Even after implementation, the process loops back to assessment, because risks to information networks are diverse and constantly change, which necessitates the iterative process (Sennewald, 2011). This process is detailed below.

Figure 1: An iterative process to IT security management

Risk assessment is the initial step and involves the recognition of potential threats to the information networks (Boyce & Jennings, 2002). Based on the results of this assessment, an appropriate policy is developed to maintain a secure protection framework. This includes the development of security guidelines, assigning security responsibilities to members of staff and implementing overall technical security protections. Once this has been achieved, a series of compliance reviews and re-assessment activities are conducted to provide assurance that the security controls have been properly implemented. This information is collected through a process of periodic audits on the system (Purser, 2004).

3.0 Differences between a Security Risk Assessment and Security Audit

3.1 Security Risk Assessment

This is conducted at the beginning of the process of security management to identify areas of change. It is often referred to as the baseline study that will be used to depict the amount of change that the organization has gone through since the last assessment (Snedaker & McCrie, 2011). It includes an analysis of all the assets and processes that relate to the system. It also identifies all the threats that could affect