Everyday there are billions of conversations, billions of bytes of data being shared, billions of new files being created, and billions of computer processes running simultaneously. In between all those interactions exists the possibility of theft, fraud and espionage, all of which could be impossible to detect. While there are ways to prevent all possibilities of security breaches, none of those options are viable for organizations which rely heavily on being connected to various networks and having data continuously transferred throughout cyberspace. Instead, organizations focus on creating security systems that identify and contain breaches, still allowing for connectivity to the web. However, regardless of the complexity of a security
…show more content…
In Humphreys’s (2010) “Information Security Risk Management,” he claims that for a risk assessment to be meaningful to an organization, the “security risks must be considered in a business context, and the interrelationships with other business functions… need to be identified” (p. 1). Incorporating all the facets of the organization into the assessment, in context specific to the organization’s purpose and goals, demonstrations the crucial need for security based on their administrative needs. This initial assessment is also the basis of the security plan, aligning it to organizational processes to prevent any disruptions of business tasks. A seamless union of security management and standard business practice instills motivation within the organization to concentration more on the security plan, driving a successful risk management process. By understanding the internal structure of the organization, risks can be properly identified and explained to the organization, allowing for a more specific, streamlined development for an organization’s risk analysis and management …show more content…
In the current methods of developing a security plan, there is a lot of preparation when building up to a capable plan. All the work done from risk identification to risk analysis. Most of the steps taken while creating a security plan require an almost parallel development to the organization’s mission statement and goals, which is a task a computer still is unable to perform successfully. Instead, organizations should focus on allotting the proper amount of resources for the security team to complete and manage their security plan, so that the security team does not have to try to work around a budget or try to find the least-costly methods to analyze the organization’s security
In Humphreys’s (2010) “Information Security Risk Management,” he claims that for a risk assessment to be meaningful to an organization, the “security risks must be considered in a business context, and the interrelationships with other business functions… need to be identified” (p. 1). Incorporating all the facets of the organization into the assessment, in context specific to the organization’s purpose and goals, demonstrations the crucial need for security based on their administrative needs. This initial assessment is also the basis of the security plan, aligning it to organizational processes to prevent any disruptions of business tasks. A seamless union of security management and standard business practice instills motivation within the organization to concentration more on the security plan, driving a successful risk management process. By understanding the internal structure of the organization, risks can be properly identified and explained to the organization, allowing for a more specific, streamlined development for an organization’s risk analysis and management …show more content…
In the current methods of developing a security plan, there is a lot of preparation when building up to a capable plan. All the work done from risk identification to risk analysis. Most of the steps taken while creating a security plan require an almost parallel development to the organization’s mission statement and goals, which is a task a computer still is unable to perform successfully. Instead, organizations should focus on allotting the proper amount of resources for the security team to complete and manage their security plan, so that the security team does not have to try to work around a budget or try to find the least-costly methods to analyze the organization’s security