It Security and Disaster Recovery Management Essay

786 Words Nov 14th, 2014 4 Pages
IT Security and Disaster Recovery Management

Every company or organization must be aware of all the risks that can occur. In order to do this, a risk assessment must be conducted. In the military, I must work to provide information to my leadership in order for them to assess a risk or threat from occurring. By understanding the risk assessment process it will provide a guideline on the thought process it will take in order to assess the risks within my organization. The risk assessment process provides an idealistic view of how senior leaders and executive will utilize information in determining their decisions on determining the appropriate course of action in response to a threat (NIST, 2011). The first component in a
…show more content…
These are the steps my organization would take in order to assess a risk. Everything begins at the lower organizational level. The lowest level begins by monitoring network outages throughout the Department of Defense. Let’s say that I came across a network outage. First I would ensure that I am following the guidelines on what must be reported to leadership. Then once understanding that the outage is reportable by the standard guidelines I must gather all the information about the outage, and contact everyone that is affected by the outage. Next I would determine what caused the outage. If the cause of the outage was either human or machine error, than the report is just provided to leadership for their awareness. If the cause of the outage is determined to be a malicious attack such as a hacker attempting to gain access to our military networks, or steal information from us, the report must be escalated to leadership as quickly as possible in order to get their decisions on how to best mitigate the risk. Once Leadership comes up with a solution on how to best mitigate the threat at hand, then they must ensure that the plan is implemented in order to mitigate the threat. A few challenges to assessing a threat within my organization is that gathering information can become a huge issue because I

Related Documents