Register to read the introduction…
Risk identification, risk assessment/analysis and risk control. Risk identification involves the examination and identification of the security status of the organization’s technology and the risk it faces. Risk assessment is the process of determining the extent to which the organization’s information assets are exposed or are at risk. Risk control involves putting controls in place to reduce the risk to an organisation’s data and information systems. The process of risk identification is broken down into stages. First the information security team identifies organization assets which include people, procedures, data, software, and hardware. Next the assets are classified and prioritized. Finally, threats are identified and prioritized. This final stage of threat identification is important because it helps the information security team to know and understand the possible risks out there in order to devise appropriate controls of mitigating against them. These potential threats include though not limited to the following.
1. Compromise of intellectual property: This occurs when attackers gain access to sensitive material that the organization considers integral to their day-to-day …show more content…
Theft: This is a physical threat that comes about primarily from not ensuring proper physical security in an organization.
8. Technical hardware failures or errors: an organization is exposed when equipment is not maintained in proper working condition.
9. Technical software failures of errors: Both custom built and off shelf software are prone to attacks if measures are not put into place to defend them. Bugs, errors in codes are some of the vulnerabilities that lead to attacks whereby malicious code can be inserted into this code to carry out a specific act
10. Software attacks: these include viruses, worms, macros or denial of service. These attacks can be either internal (where a case of either a former employee makes an attack) or external where an attack is sent in from outside.
By identifying the threats that pose potential danger to the organization, the organization saves time later when formulating controls be ensuring only potential threats are considered. After identifying the potential threats, they are ranked accordingly in order to quantify the level of effort required to defend against the said threat, that is, 1-5, with 5 representing a most dangerous …show more content…
The business continuity plan is activated when the infrastructure is totally unable to perform hence relocation of operations to an alternative location.
Information technology over time has evolved drastically to a point where companies no longer look to technological advancement as a means to be ahead of the competition but endeavor to improve their assets so that they do not get greatly affected by looming threats to a point where they cannot provide their clients with services they have got used to.
It would be extremely costly even for a very big organization to put together resources (funds and personnel) to prepare strategies for every conceivable threat. 5 major strategies have been identified to guide organizations in addressing threats with depending on the level of the danger presented by the particular
1. Compromise of intellectual property: This occurs when attackers gain access to sensitive material that the organization considers integral to their day-to-day …show more content…
Theft: This is a physical threat that comes about primarily from not ensuring proper physical security in an organization.
8. Technical hardware failures or errors: an organization is exposed when equipment is not maintained in proper working condition.
9. Technical software failures of errors: Both custom built and off shelf software are prone to attacks if measures are not put into place to defend them. Bugs, errors in codes are some of the vulnerabilities that lead to attacks whereby malicious code can be inserted into this code to carry out a specific act
10. Software attacks: these include viruses, worms, macros or denial of service. These attacks can be either internal (where a case of either a former employee makes an attack) or external where an attack is sent in from outside.
By identifying the threats that pose potential danger to the organization, the organization saves time later when formulating controls be ensuring only potential threats are considered. After identifying the potential threats, they are ranked accordingly in order to quantify the level of effort required to defend against the said threat, that is, 1-5, with 5 representing a most dangerous …show more content…
The business continuity plan is activated when the infrastructure is totally unable to perform hence relocation of operations to an alternative location.
Information technology over time has evolved drastically to a point where companies no longer look to technological advancement as a means to be ahead of the competition but endeavor to improve their assets so that they do not get greatly affected by looming threats to a point where they cannot provide their clients with services they have got used to.
It would be extremely costly even for a very big organization to put together resources (funds and personnel) to prepare strategies for every conceivable threat. 5 major strategies have been identified to guide organizations in addressing threats with depending on the level of the danger presented by the particular