The Importance Of Risk Assessment And Risk Management

To protect my company's assets from cyber threats and attacks, many things must be taken into consideration, because there is always a deeper internal issue in what we believe is secure. Risk assessment and risk management are both very important parts of planning a safe, secure work environment that protects my employees and company, both inside and outside the company. I would ensure that my company conducts a risk assessment periodically. This helps to see what has failed in the past versus what improvements and corrective actions have been made up to the present day. Comparing and contrasting the effects of failures also helps to determine whether the current improvements fall into the same category. When checking for vulnerabilities in Information …
My main goal is to apply the CIA Triad (Confidentiality, Integrity, and Availability) to the information system and to ensure that it is practiced by my employees. But before being able to manage these goals, I would have to look deep into the company's vulnerabilities and reduce any possible risk to an acceptable level. There are several decisions I can make based on the risk findings discovered, such as risk mitigation. In this process, patches may be installed to help reduce the risk or fix the problem that originated it. With the standards, regulations, and policies implemented, a guidebook will be formed that shows the guidance to follow if certain threats arise that can harm the company. It will also show what is expected of the employees, their rights, and the consequences that follow. But in order to do this, I will provide training to my employees so they are aware of, and have a better picture of, what the company is about and its expectations. Another important thing is assigning roles and responsibilities to the employees, and defining what each department is expected to do in order to keep assets and information …
I will pass policies that show employees how to construct strong passwords to log in to the system, such as P0c0nt@s2132, which uses not only letters but also upper case, symbols, and numbers. In addition, a secret question and password must be provided to give reassurance that the person logging in is who they say they are. Next would be to have the right, up-to-date anti-virus and malware protections. This will help detect threats that enter the system. Another step is locking your network and applying wired networks, which involve plugging into physical outlets or hacking modem ports. If a wireless network is needed, I would disable SSID broadcasting on the wireless router for a hidden network. Another important policy would be the internet policy, which covers which sites are to be blocked and requires that only company emails be opened for work purposes. If dealing with secret assets or information, encrypting the information attached with a password will be
