StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Risk Management - Case Study Example

Cite this document
Summary
Information security is the protection of information for business continuity as it is fundamental for maximizing the business opportunities and return on investment. Information security and risk management has become a critical business discipline with sales, marketing,…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.4% of users find it useful
Information Security Risk Management
Read Text Preview

Extract of sample "Information Security Risk Management"

Information Security Risk Management Introduction Information security is the protection of information for business continuity as it is fundamental for maximizing the business opportunities and return on investment. Information security and risk management has become a critical business discipline with sales, marketing, financial management and Human resource. 2. LiteratureRisk management and its role in the organizationRisk was called as a main cause for uncertainty in the business organizations.

Therefore, business companies focus upon the risk identification, and manage it before these risks impact the business decisions. Organizations having control over risk management can compromise confidently for future decisions. Organization face internal as well as external actor, which create uncertainty for organizations in achieving the objectives. Hall (2010) called that the risk management was a hybrid function that had bridged the number of disciplines to reduce or avoid loss for organizations.

Proactive activities are attempted to mitigate or prevent loss in the organizations.Risk management techniques to identify and prioritize risk factorsTavakkoli-Moghaddam et al., (2011) used the compromise ranking (VIKOR) and fuzzy entropy techniques in engineering, procurement and construction projects. Separate techniques for risk identification and risk prioritization are used. Qualitative assessment helps the management to prioritize the risks identified by calculating their impacts and impacts.

Except these techniques, Monte Carlo method is most significantly used for risk identification. This method is based on probability and their impacts. Monte Carlo method shows the correlation between the identified variables for a project.Assessment based on the likelihood of adverse events and its effectsIdentification of vulnerabilities and threats through risk assessment helps in determining the impacts of each risk. However, risk assessment becomes a complex undertaking when imperfect information is provided.

Value assignment to information system business processes including the costs, recovery and their impacts can be measured in indirect and direct costs.Exposure of sensitive information about a specific business area of the organization has wide consequences and impacts the reputation or regard of the organization. Attacker can falsify the information, which is important for future decisions. Both qualitative and quantitative risk assessment technique can be used (Carroll, 2009).The results of the risk identification processRisk identification requires the risk treatment.

Risk treatment is a range of options used for risk evaluation and plan preparation for risk treatment. Planning the risk treatment also requires plans’ implementation. In an organization, when risk about information security has been identified, it requires to mitigate the impacts of these risks. However, risk treatment options must be proportionate to the importance of risks and treatment cost. Risk treatment plan includes the risk acceptance, risk avoidance, reduce the risk, risk transferring and risk financing.

Finally, when risk treatment plan has been implemented, continuous monitoring and review process becomes the essential part of information security management (Carroll, 2009).3. ConclusionIn this paper, different aspects of information and risk management have been addressed. Organizations mostly focus on the information security to control over the confidentiality that support for future business decisions. In addition to the compromise ranking (VIKOR) and fuzzy entropy techniques, Monte Carlo method has been preferred for the risk identification and risk prioritization.

Risk assessment and outcome of risk identification process is also discussed.ReferencesCarroll R. (2009). Risk management handbook for health care organizations, Jossey-Bass Publishers.Hall S. (2010). The role of risk management in healthcare organizations, Available form http://www.psfinc.com/sites/default/files/print-pdfs/the-role-of-risk-management-in-healthcare-operations.pdf Accessed on 08/05/2014.Tavakkoli-Moghaddam R., Mousavi M.S., and Hashemi H. (2011). A fuzzy comprehensive approach for risk identification and prioritization simultaneously in EPC projects, Available from http://cdn.

intechopen.com/pdfs-wm/19863.pdf Accessed on 08/05/2014.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Information Security Risk Management Case Study Example | Topics and Well Written Essays - 500 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1645443-information-security-risk-management
(Information Security Risk Management Case Study Example | Topics and Well Written Essays - 500 Words)
https://studentshare.org/information-technology/1645443-information-security-risk-management.
“Information Security Risk Management Case Study Example | Topics and Well Written Essays - 500 Words”, n.d. https://studentshare.org/information-technology/1645443-information-security-risk-management.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Risk Management

Accidents and catastrophes: risk management

It is partially developed in the context that certain integral features of the process of risk management have been actualized, and can be subsequently applied to any school of thought wanting to get a risk identification for itself.... "Management can use risk assessment data to make informed risk management decisions based on a full understanding of the operational risks" (FFIEC).... Risk factor does not entail more cover, but better management!...
11 Pages (2750 words) Essay

Identifying Potential Risk, Response, and Recovery

The activities involved do not affect the operation of the network transmission making it hard for the sender and recipient to notice… Therefore, some measures must be put in place to address the eavesdropping threats (Kolkowska & Gurpreet, 2013).... These include the use of encrypted connections such as secure Shell (SSH) as well as the Hypertext Transfer Protocol Secure This makes it hard for the attackers defacing or reading the data....
5 Pages (1250 words) Assignment

How Successful the Austin Hil Project Was

The manner in which Matt responded to the… In addition he pointed out the need to incorporate the proactive management with respect to stakeholders when the question was posted to him on what he felt could On the other hand, through Matt interview we are able to understand the success of the project as a product of his ability to distill the shifting diagram from the previous design meeting in which people the idea and the dream of the project.... He pointed out on the need to include the fireplace within the building advancement further to explain how people were ready and willingly contributed towards the project based on the fact that they were able to provide effective leadership based on effective communication to convey every significant information to the stakeholders while at the same time embracing proactive management style to every stakeholder of the project....
6 Pages (1500 words) Essay

Policies and Procedures for Washington Posts Information System

nbsp; This is being addressed by the Generally Accepted information security Principles (GAISP), under the “Pervasive Principle” wherein it addresses the parameters of confidentiality, integrity, and availability of information, as shown in the guidelines developed by GAISP.... They implement two core information systems – the management Information System (MIS) and Knowledge Information Systems (KMS).... The MIS includes information that is accessible only by the members of the top management and is facilitated to assist them in the decision-making process (Laudon, and Laudon, 2005)....
7 Pages (1750 words) Case Study

Enterprise Security Policy Plan for MEMATECH Solutions Limited

The agencies must attain compliance with the general information security objectives of the company including the regulations, law, standards, and policy where the data and resources are not confined to personal information.... he company is encouraged to implement the security requirements according to the Enterprise information security Policy at stringent agency policy according to the business and agency related regulations, directives, and laws (Tudor, 2001)....
5 Pages (1250 words) Case Study

Management and Information Security - Project Management Body of Knowledge

The object of analysis for the purpose of this paper "Management and information security - Project Management Body of Knowledge" is the Project Management Body of Knowledge as a collection of processes and various knowledge areas which are involved in the project management discipline.... hellip; The Project management Body of Knowledge is an internationally recognized standard that provides fundamentals of project management in areas that include construction, engineering, automobile, etc....
8 Pages (2000 words) Assignment

Information and Communication Technology Management and Information Security

This paper "Information and Communication Technology Management and information security" examines different categories that can be used for sensitive information answering the question of when designing a system, how does one determine how many categories are necessary.... When designing a system the determination of the number of categories needed for information security depends on the type of information that is in the organization as well as the purpose of the organization or institution....
7 Pages (1750 words) Assignment

Personal Computing Situation Security Assessment

A discussion on the more likely security risk to occur will be discussed.... Unauthorized access to private data is a common security risk that leads to a lot of damage to the data owner in this day and age.... The main risk to software is theft or copying software illegally and intentional deletion of the software.... loud storage serviceSecurity risk around cloud storage services used provides data storage space to back up data in the form of folders and documents are still evolving....
8 Pages (2000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us