The Importance Of Security Planning For Security

Introduction
To plan for security, you must first conduct a full risk assessment. The whole point of security planning is to develop security policies so that you can implement controls that help prevent the risks to your systems from becoming a reality. This paper will discuss some cybersecurity strategies and various other frameworks. It will also analyze the change control process and the identification needed for security in specific business fields.
Process to identify security needs and how it affects the foundation of the policy
How can you possibly protect your IT infrastructure if you have no idea what you are protecting it against? That is why it is important to identify the security needs and/or vulnerabilities thoroughly with a basic risk assessment. A risk assessment is the process that should be completed first, and it will help to identify the security needs. During this process you will face some basic questions that help to identify those needs. As a start, these questions include the following:
1. What are the assets that are within the organization that are in the need of protecting?
2. What are the risks that are associated with each
There are many different ways you can identify your risks. You can start by brainstorming with personnel and working out which of your assets are at risk. Take, for example, the difference between a server and a workstation in terms of security. A server is more likely to contain sensitive information than your typical workstation, so even though the workstations need to be secured, a stolen or compromised server would cause more damage and therefore needs to be placed higher on the risk chart. After you have identified your risks, you can then begin to develop a policy that will help to reduce or eliminate them. (Benson,
