Saturday, September 7, 2019

Security Risk Assessment and Audit into the connection of the internal network with the Internet - Essay Example

Information confidentiality is maintained by preventing unauthorized persons from accessing sensitive system information. Integrity ensures that information cannot be modified by unauthorized parties, whether internal or external. Availability ensures that data can be used when required by the relevant parties and is not locked up by other system resources or processes. Protecting these three properties is therefore fundamental to keeping an organization's information secure.

To manage information security appropriately within an organization, a mission statement and a charter should be defined for reference. The mission statement outlines the overall goals that the organization's information security program seeks to achieve and provides the guidelines needed for strategic direction. The charter, on the other hand, sets out the specific rights and privileges that the organization grants to the members of the security team.

1.2 Justification for use of a security metrics program

A security management program cannot be complete without the use of security metrics (Dexter, 2002). Metrics are used to show the changing maturity of an information security program over time. Combined with reporting tools, they display the results and outcomes of past investments in information security and guide decisions about future information systems.

2.0 IT Security Management

IT security risk management is a series of steps undertaken to ensure the safety of information within an organization. It is a continuous process that begins with assessment and runs through to implementation. Even after implementation, the process loops back to assessment, because the risks to information networks are diverse and change constantly, which makes the process iterative (Sennewald, 2011). This process is detailed below.

Figure 1: An iterative process to IT security Management

Risk assessment is the initial step and involves identifying potential threats to the information networks (Boyce & Jennings, 2002). Based on the results of this assessment, an appropriate policy is developed to maintain a secure protection framework. This includes developing security guidelines, assigning security responsibilities to members of staff and implementing the technical security controls. Once this has been achieved, a series of compliance reviews and re-assessment activities is conducted to provide assurance that the security controls have been implemented properly. This information is collected through periodic audits of the system (Purser, 2004).

3.0 Differences between a Security Risk Assessment and Security Audit

3.1 Security Risk Assessment

A security risk assessment is conducted at the beginning of the security management process to identify areas of change. It is often referred to as the baseline study, since it is used to measure how much the organization has changed since the last assessment (Snedaker & McCrie, 2011). It includes an analysis of all the assets and processes that relate to the system. It also identifies all the threats that could affect
