The Importance Of Security Planning For Security

Introduction

Before you can plan for security, you must first conduct a full risk assessment. The whole point of security planning is to develop security policies so that you can implement controls that help prevent the risks to your systems from becoming a reality. This paper will discuss some cybersecurity strategies and various other frameworks. It will also analyze the change control process and the identification needed for security in specific business fields.

Process to identify security needs and how it affects the foundation of the policy

How can you possibly protect your IT infrastructure if you have no idea what you are protecting it against? That’s why it is important to identify the security needs and/or vulnerabilities thoroughly with a basic risk assessment. A risk assessment is the process that should be completed first, and it will help to identify the security needs. During this process you will be faced with some basic questions that help identify those needs. To start, these questions include the following:
1. What are the assets within the organization that need protecting?
2. What are the risks that are associated with each
There are many different ways you can identify your risks. You can start by brainstorming with personnel and working out which of your assets are at risk. Take, for example, the difference between a server and a workstation in terms of security. A server is more likely to contain sensitive information than your typical workstation, so even though the workstations need to be secured, a stolen or compromised server would cause more damage and therefore needs to be placed higher on the risk chart. After you have identified your risks, you can then begin to develop a policy that will help to reduce or eliminate the risks. (Benson,

Related Documents

  • Risk management is the process of identifying the risk, represented in vulnerabilities and threats, to an organization’s information assets, and taking the necessary steps to reduce the risk to an acceptable level. Risk is the possibility that something bad will happen to the organization’s information asset. To be more specific, risk is the likelihood of the vulnerability being exploited multiplied by the value of the asset, after security controls were applied to mitigate it. A vulnerability is the weakness that allows exploitation in order to harm the organization’s information asset. A threat is anything with the potential to harm the organization’s information asset.…
  • An important question is the cost the company might have to pay for not protecting the asset.

    Identify vulnerabilities and threats

    Once the assets are known and their values allocated, all the possible vulnerabilities and threats have to be identified for each of them. The security team should identify the vulnerabilities that could affect confidentiality, integrity, or availability requirements. All the obtained information needs to be documented so that the required countermeasures can be applied. As there might be a large number of vulnerabilities and associated threats that could disturb the assets, it is also important to properly categorize them.…
  • M1 Unit 3 Risk Analysis

    The requirements will give the businesses what they want to uphold their security. The controls in the security process are measures that are taken in advance to defend a computer system from any encounter with threats or risks. R8: The relationship between assets and boundaries in a business is that the assets are secured by the boundaries. When these boundaries have open spots that can be exposed, those spots are called vulnerabilities. Therefore, threat agents will try to use their attacks to reach those assets and expose the sensitive information that they are looking for.…
  • My main goal is to conduct a CIA Triad (Confidentiality, Integrity, and Availability) to the information system by providing and ensuring this is practiced by my employees. But before being able to manage these goals I would have to look deep into the company’s vulnerabilities and reduce any possible risk to an acceptable level. There are several decisions I can make upon the risk findings discovered, such as Risk Mitigation. In this process patches may be installed to help reduce the risk or fix the problem that originated. With the standards, regulations, and policies implemented, a guidebook will be formed that will show the guidance to take if certain threats arise that can harm the company.…
  • Risk Management Plan

    However, it is important to be well prepared before conducting an interview.
    b. Delphi method: A systematic, interactive forecasting procedure based on independent and anonymous input regarding future events.
    c. Brainstorming: A group attempts to generate ideas regarding a specific problem. Thus a list of risks can be created.
    d. SWOT analysis: This can help us in finding risks and opportunities.…
  • Before a security manager can “sell” a strategy, the manager must first have a keen awareness of what the organization does and how security fits into it. The security manager must fully understand the organizational mission and what processes within the organization are needed to accomplish the mission. The security manager must be able to identify organizational assets, liabilities and threats. The vulnerabilities of system processes are identified and rated on a scale as to likelihood. Conducting a proper risk assessment that focuses efforts on the greatest hazards will help mitigate the risks that threaten an organization’s survival.…
  • A Vulnerability Assessment needs to be completed to identify weaknesses in the network security configuration in order to suggest changes. We must keep in mind that documentation on how the network systems are configured is critical for the recovery process during penetration testing. Vulnerability Assessments are designed to identify network weaknesses and help come up with security improvements and remedies. Penetration testing is a testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it. (Kim, D. & Solomon, Michael 2014, page 486).…
  • Risk Assessment Answers

    Answer 1: A risk assessment is a process where you distinguish risks, investigate or assess the risk connected with that danger, and decide on fitting approaches to dispose of or control the risk. In layman’s terms, a risk assessment is an in-depth look at your work environment to recognize those things, circumstances, forms, and so forth that may cause any particular harm, especially to individuals. After recognizable proof is made, you assess how likely and serious the risk is, and after that choose what measures ought to be set up to adequately keep or control the problem from happening.…
  • Computer security should be the focus for every organization. Organizations can combat cyber terrorism by implementing a recovery process (Easttom, 2012). This recovery process will let an organization that undergoes a security issue recover data, and also recover the entire network if needed. If a security incident occurs because an employee or an outside attacker deletes key information, an organization can quickly recover those files (Easttom, 2012). Further, an organization needs to assess the information they have and decide which information is sensitive, or critical to business operations (Easttom, 2012).…
  • The plans should be detailed enough to provide a comprehensive defense against an attack. Incident managers should be well versed in emergency protocols such as the coordination, information sharing and backup procedures that are necessary under such circumstances. These principles give security strategists the necessary guidelines to implement an effective security apparatus. With data security becoming one of the top concerns for organizations that handle sensitive customer information, it is important that security analysts look at the holistic picture of the security landscape rather than taking a narrowly scoped approach to protect and improvise their security…