A security policy defines limitations on individual behavior or system performance and details the activities that are permitted, controlled, or prohibited within the company. In order for policies to be effectual, senior management must endorse them; they must be communicated to all employees, undergo recurring reviews, and be assessed for usefulness. A security program encompasses all of the pieces necessary to successfully protect a business. It should include policies, requirements, standards, and procedures. Security plans should be operative at all levels of a corporation to be effective. Management should communicate a formal explanation of what is acceptable for all employees. Management should also clearly dictate what the consequences of noncompliance are. Organizations can use ISO 27002:2005 as an outline to create a security policy.
Gregory, P. (2010). CISSP Guide to Security Essentials. Boston, MA: Cengage Learning.
From the e-Activity, compare and contrast quantitative, qualitative, and hybrid risk assessment methodologies overall. Give one (1) example of when you would use each of the methods over the others. Justify your response.
Qualitative risk analysis is used for ranking risk occurrences by estimating and relating their likelihood of occurrence and impact, in order to identify requirements for additional analysis or action. It identifies and ranks the potential incidents in combination with the likelihood of their happening. Quantitative risk analysis describes the process used to numerically analyze the effect of an identified risk. Qualitative risk assessment happens within a pre-defined range of resources or activities. The assets can be made up of