Security Risk Management Course Paper

Submitted By thejewx4
Dustin Cooper
9/30/13
Regent University
Introduction
Information systems have permeated every aspect of today’s society. They allow organizations and people to carry out everyday activities much more efficiently. However, because of this increased dependence on information systems, it has become imperative to develop methodologies and practices that safeguard the data stored and used by information systems and protect the hardware that runs them. Therefore, a proper understanding of risk management and all that it entails is of the utmost importance for every IT professional, regardless of specialization. The purpose of this paper is to identify what risk management is, give an overview of the three phases or undertakings that make up the risk management process, and then conclude with a discussion and explanation of the six-step Risk Management Framework (RMF) developed by the Department of Defense and the National Institute of Standards and Technology (NIST) (National Institute of Standards and Technology, 2010).

“Risk management is the process of identifying risks, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level” (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119). Thus, risk management is merely the ability of a person or organization to exercise due diligence, identify any potential issue, and develop policies and security measures to combat these risks. Risk management comprises three phases: risk identification, risk assessment, and risk control (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119).

Risk Identification
Risk identification is simply the identification and documentation of the assets and the threats to those assets. Risk identification is an…...
