Claudia I. Campos
CJA 570 Cyber Crime and Information Systems Security
July 5, 2010
Steven Bolt
Abstract
The realization of potential risks to an organization's information system has increased in the past few years. Understanding the principles of risk management, vulnerabilities, internal threats, and external threats is the first step in determining which levels of security are necessary to protect an organization's information system and limit the risks to it. This essay will describe the principles of risk management as they pertain to the information system and associated technology of Professional Security Training School. Moreover, this essay will explore the vulnerabilities of the school's system and specifically address the nature of potential internal and external threats, including natural or unintended events that can jeopardize the system. Finally, it will determine what levels of security are appropriate to secure the information system while allowing a maximum amount of uninterrupted workflow.
Information System Risk Management
Businesses realize that the security of their information system is a major part of an organization's continued pursuit of organizational operations and provision of services. The principles of risk management, identification, assessment, and prioritization must be determined by management prior to establishing and implementing levels of information system security. In addition, vulnerabilities, internal threats, and external threats must be uncovered and addressed to secure the information system. Establishing different levels of security to secure the information system of Professional Security Training School (PSTS) will limit potential security threats. In analyzing the information system risks of PSTS, decisions must be made to deter or limit potential security threats, which involve the client database, staff accessibility, and client privacy.
Risk Management