Preview

Isc363 Phase 3

Powerful Essays
Open Document
Open Document
1899 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Isc363 Phase 3
Assignment 6: Case Study Phase 3
Jerry Cunningham
Professor Tannoury
ISSC363 B001 SPRING 15

PHASE 3: The level of security can determine the rise and fall of any organization, no matter how big or small the company may seem, so mitigating risk should always be the number one priority. Risk mitigation can be define as the process of implementing any form strategic actions that will reduce the level of threats that may cause financial hardship towards the organization. In addition, risk mitigation tracks, identify and evaluation all form of risk, including new and old. The focus of risk mitigation is to assist the organization’s department of security administration with identifying a list of potential problems that
…show more content…

I was able to justify my reasoning by evaluating the total time it would have taken me to calculate the total cost; highlight any areas that show the likelihood of any form of risk occurring in the near future. Reducing any changes and the impact of risk is extremely vital and should be considered more vital to business, than losing capital when a risk has occurred. For businesses, the primary goal is to alleviate as much risk as possible and develop before addressing your business process. For this purpose, According to Walsh (20014), “There are a total of 9 steps that should be utilized when performing after conducting a Risk Assessment; characterization, threat identification, vulnerability identification, control analysis, likelihood of exploitation, impact, risk determination, recommendations for control, and results” (Walsh, 2014).

As we progress forward, a few specific requirements such as software and data, information and hardware must be obtained in order to identify the type of system needed. The collected information is vital when determining the type of classifications and what is needed to insure the items or information is being secured. When it comes to threat identification, are level of threats is categorize
…show more content…

Information will be easy obtained and backed up every three to four hours. Organization will conduct a monthly drill to test their level of security and the ability to become fully mission ready within 12 hours. Restrictive policies should be in place to prevent the use of personal devices on the organizations’ computers

References

Gibson, D. (2010). Managing Risk in Information Systems. Sudbury, MA. Jones & Bartlett Learning. ISBN: 978-0-7637-9187-2

Ready. (2014, January 28). Risk Assessment Sources. Retrieved from http://www.ready.gov/risk-assessment

Risk Management Plan Template. (2014, November 12). Retrieved from http://www.projectmanagementdocs.com/project-planning-templates/risk-management-plan.html

Sims, S. (2015). Qualitative vs. Quantitative Risk Assessment. Retrieved from http://www.sans.edu/research/leadership-laboratory/article/risk-assessment
The Federal Highway Administration’s Office. (2015, May). 5. Risk Mitigation and Planning - Risk Assessment and Allocation for Highway Construction Management | Office of International Programs | FHWA. Retrieved from http://international.fhwa.dot.gov/riskassess/risk_hcm06

United States General Accounting Office. (1999, November 19). Information Security Risk Assessment. Retrieved from


You May Also Find These Documents Helpful

  • Good Essays

    Global’s risk management approach was a key factor in the success of their efforts to protecting their client’s information assets. By utilizing risk management strategies Global was able to detect vulnerabilities where there were the most likelihood of threat and implement controls to detect and/or prevent breaches of the security controls. The risk management process ensured Global addressed security measures at all levels of the…

    • 515 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    I was able to review the duplicate KG’s and resolve them. There were several different issues that cause the duplication.…

    • 64 Words
    • 1 Page
    Satisfactory Essays
  • Powerful Essays

    IS3550 Final Project

    • 4998 Words
    • 19 Pages

    The Federal Acquisition Regulation (FAR), issued by the Department of Defense, guides the content of military contracts. Federal government organizations other than the military and intelligence agencies must follow the Federal Information Security Management Act of 2002. Federal Information Processing Standards (FIPS) 200, "Minimum Security Requirements for Federal Information and Information Systems," defines the minimum security requirements that information systems must meet. While the military does not have to follow FISMA, they do enact the security policies contained in the act. The military also implements the security controls found in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems; and NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations. NIST SP 800-53, Appendix F, contains the Security Control Catalog. There is currently no specific law directing the information security policy content for defense contractors. However, Congress is proposing to make the policies in FISMA and the security controls in NIST SP 800-53 applicable to contractors that are awarded military contracts. Information Assurance Implementation, DoD Instruction 8500.2, states the computer network security controls required to be implemented in military computer networks (Enclosure 4, Attachments 1 thru 5). The other references noted in this paper give broad…

    • 4998 Words
    • 19 Pages
    Powerful Essays
  • Good Essays

    You Decide- Sec572 Week 2

    • 577 Words
    • 3 Pages

    To develop network security strategies that will ensure that the organization's network is protected from both internal and external security risks. A summary of the steps I can take to mitigate the risk in the following areas: Denial-of-Service attacks (DoS), Distributed Denial-of-Service attacks (DDoS), Masquerading and IP Spoofing, Smurf attacks, Land.c attacks, Man-in-the-Middle attacks.…

    • 577 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    Technical Paper

    • 2659 Words
    • 9 Pages

    The purpose of this risk assessment is to evaluate the adequacy of the Global Finance, Inc. security and network. This risk assessment provides a structured qualitative assessment of the operational environment. It addresses sensitivity, threats, vulnerabilities, risks and safeguards. The assessment recommends cost effective safeguards to mitigate threats and associated exploitable vulnerabilities. Safeguards are security features and controls that, when added to or included…

    • 2659 Words
    • 9 Pages
    Powerful Essays
  • Powerful Essays

    There are quite a few vulnerabilities that can affect organizations productivity. These vulnerabilities can be environmental, utilities & service, criminal behavior, equipment failure, and information security issues. To protect the organization against loss of productivity and data loss we have created an assessment of the potential danger each category of threat presents. We created a worksheet (located on the last page of this document) listing each type of vulnerability and ranked the probability and severity of each of the threats. Using a probability and severity legend that had one…

    • 2036 Words
    • 9 Pages
    Powerful Essays
  • Satisfactory Essays

    Is 305 Lab 1

    • 538 Words
    • 3 Pages

    One of the most important first steps to risk management and implementing a risk mitigation strategy is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities and map them to the domain that these impact from a risk management perspective.…

    • 538 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    The use of a software risk management will identify and analyze threats for success (i.e., risks) and reduce the chance of failure of a project (Schmidt, 2011). The process to select and acquire an information system for…

    • 763 Words
    • 4 Pages
    Good Essays
  • Powerful Essays

    Week 10 Technical Paper

    • 2283 Words
    • 10 Pages

    Every organization is faced with some risk or potential threat that could cause an interruption to the organization’s operations. These risks and threats can come from within or outside of the organization. To prepare for the worst that could happen, organizations must focus their attention on how to assess different types of risks to protect the organization from the possible negative effects to the daily operations. Performing a risk assessment is one of the most important steps in the risk management process (eHow, 2011).…

    • 2283 Words
    • 10 Pages
    Powerful Essays
  • Good Essays

    Risk Management Plan

    • 5161 Words
    • 21 Pages

    Risk Readiness Assessment. (2005). Retrieved on April 5, 2006 from the World Wide Web: http://www-1.ibm.com/services/us/index.wss/offering/bcrs/a1009190…

    • 5161 Words
    • 21 Pages
    Good Essays
  • Good Essays

    Jet Propulsion Laboratory

    • 1710 Words
    • 7 Pages

    opportunity and the cost of failure” (VMware 2013). This methodology was a key process to deciding to…

    • 1710 Words
    • 7 Pages
    Good Essays
  • Better Essays

    Risk management can be described as like the other management procedures of identification, assessment and prioritization of risk. Actually risk management is very much equal to walking on the rope. As defined in ISO 31000 the effect of uncertainty on objectives whether it positive or negative. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.…

    • 2013 Words
    • 9 Pages
    Better Essays
  • Powerful Essays

    Typically, a project's qualitative risk assessment will recognize some risks whose occurrence is so likely or whose consequences are so serious that further quantitative analysis is warranted. A key purpose of quantitative risk analysis is to combine the effects of the various identified and assessed risk events into an overall project risk estimate. This overall assessment of risks can be used by the transportation agency to make go/no-go decisions about a project. It can help agencies view projects from the contractor's perspective through a better understanding of the contractor's risks. More commonly, the overall risk assessment is used to determine cost and schedule contingency values and to quantify individual impacts of high-risk events. The ultimate purpose of quantitative analysis, however, is not only to compute numerical risk values but also to provide a basis for evaluating the effectiveness of risk management or risk allocation strategies.…

    • 4164 Words
    • 17 Pages
    Powerful Essays
  • Powerful Essays

    Risk Analysis

    • 1529 Words
    • 5 Pages

    There is a risk in every business venture due to uncertainty of being ale to meet expectations the business sets for itself. Our world is a market of consumers where the stakes of conducting business are unpredictable and sometimes random. With any business venture comes risks that need to be taken into consideration when attempting to reach consumers and to establish a company's strengths, weaknesses, opportunities, and potential threats to reaching accomplishments. Risk can be divided broadly into economic risks, political risks, social risks and business risks. Risk management is a part of conventional corporate life that touches all facets of every organization.…

    • 1529 Words
    • 5 Pages
    Powerful Essays
  • Powerful Essays

    dissertation

    • 7688 Words
    • 21 Pages

    Zou, P. X., Chen, Y., & Chan, T.-Y. (2010). Understanding and Improving Your Risk Management capability. Construction Engineering & Management, 136(8), 854-870.…

    • 7688 Words
    • 21 Pages
    Powerful Essays