Information System Risks Essay

1558 Words Nov 25th, 2010 7 Pages
Information System Risk Management

Claudia I. Campos

CJA 570 Cyber Crime and Information Systems Security

July 5, 2010
Steven Bolt
Abstract
The realization of potential risks to an organization's information system has increased in the past few years. Understanding the principles of risk management, vulnerabilities, internal threats, and external threats is the first step in determining which levels of security are necessary to protect an organization's information system and limit the risks to it. This essay will describe the principles of risk management as they pertain to the information system and associated technology of Professional Security Training School. Moreover, this essay will include an exploration of the vulnerabilities of
Vulnerabilities of System
The next step in conducting a risk assessment is to perform a vulnerability analysis, which identifies, evaluates, and reports security vulnerabilities in a system or application. This assessment process collects information about the system, network tools, and organizational documentation through an appropriate operating checklist, surveys, and personnel interviews. The process can identify vulnerabilities that can be exploited deliberately or accidentally, and it provides information to determine the level of risk of each threat (USDA, 2005). The specific vulnerabilities, and the methods necessary to determine whether risks are present, vary depending on the type of system or applications used and the phase the system is in. There are three phases that an information system can be in: initiation, developmental or acquisition, and implementation or operational. The initiation phase considers the design of the system structure and related security risks, determines security methods, and performs a data sensitivity assessment, which diminishes the vulnerabilities exposed. In the developmental or acquisition phase, a threat and vulnerability analysis is performed to assess the extent and level of risks, which can be eliminated, diminished, or accepted. In the implementation or operational phase, the vulnerability analysis is based on the software tools and inspections to determine if the