This website uses cookies to ensure you have the best experience. Learn more

A Risk Analysis For Information Security And Infrastrucure Protection

1322 words - 6 pages

A Risk Analysis for Information Security and Infrastructure Protection

Special Topics in Criminology and Criminal Justice

Columbia Southern University

January 03, 2012

A Risk Analysis for Information Security and Infrastructure Protection


The sole purpose for performing a risk analysis for IT systems is to ensure businesses and or organizations, whether small or large to accomplish its missions by better securing the IT systems that store, process, or transmit organizational information. The primary function of risk analysis is to identify and correct the vulnerabilities and threats of an IT system. It enables management to make ...view middle of the document...

The IT system and application programmers develop and maintain code that could affect system and data integrity. Clearly, IT must have quality assurance personnel for testing and auditing of the system, to ensuring system integrity. In conclusion external IT consultants will be required to perform periodic checks of internal IT systems to detect any violations or security breach.

As discussed in Taylor et al 2011, p293-295 three significant aspects of risk analysis were expound on, which includes assessment and evaluation, threats and cost-effective security measures.

Assessment and evaluation

This important first step is essential in identifying and evaluating the potential risks or developing an effective plan for implementation. It is paramount that an organization focus on internal and external measures when assess vulnerabilities and threats. However, studies show that most losses of information come from inside the organization and through relatively simple security failures of existing information systems and networks. It is crucial that an assessment plan must include an evaluation of the organizational, managerial, and administrative procedures that are relevant to IT systems (Taylor et al 2011, p.293). Therefore, it is clear that an assessment and evaluation plan must be well thought out and covers information relating to acquisition and purchasing of future IT equipment. It should include strategy for explaining information security parameters as the system grows and changes. It must also address the need of minimizing any complexities of the IT system. As well as, simplify IT policies and procedures thereby reducing the enormity of the process, so it can be more user friendly that managers and directors can comprehend it. The ultimate goal is to improve the culture within any organization about the importance of IT and reinforce security and protocol awareness. Training to improve security and eliminate security breach must be common practice. Assessment and evaluation of risk analysis should also be submitted to external reviews to ensure that internally, IT supervisors are not violating their own system (Taylor et al 2011, 294). This method fosters check and balance concept.


The second important aspect of risk analysis is to identify the threats facing an organization. The single largest threat to an organization and its information security comes from within (Taylor et al 2011, p.294). These key individuals may intentionally steal information or corrupt files which result in millions of dollars in loss to that organization. Internal threats may result in organization information being accessed, altered, stolen or sabotaged. When this occur there is very little that can be done to eliminate internal threats. Whereas, external threats can include espionage, sabotage, terrorism and criminal theft. These threats are more likely to be identified. For this paper, great emphasis is placed on vulnerabilities of...

Other Papers Like A Risk Analysis for Information Security and Infrastrucure Protection

Risk Management Plan for Defense Logistics Information Service

848 words - 4 pages Risk Management Plan for Defense Logistics Information Service 1. PURPOSE This Risk Management Plan is an overall look at how Defense Logistics Information Service can protect it’s data. The implication of lost confidential government data is the primary cause for this plan, and will be treated with the utmost importance. 2. GUIDING PRINCIPLES This plan will be presented through a formal, written, written risk management, and security

Risk Management: Role in Justice and Security Organizations

720 words - 3 pages them answer the three most common questions: 1. What can happen? 2. How can it be prevented or how can we respond if it does? 3. If it does happen, who is going to pay for it? Risk Analysis and Assessment In preparing for a risk management program risk analysis must first be performed. This is a tool used by management to determine losses in whatever standard is acceptable or unacceptable by the organization. “This is process of

Sddssdjfjjsdjkjasdjkasdjkjasjdcomputer and Information Security Handbook by John R. Vacca

5839 words - 24 pages sddssdjfjjsdjkjasdjkasdjkjasjdComputer and Information Security Handbook By John R. VaccasddssdjfjjsdjkjasdjkasdjkjasjdComputer and Information Security Handbook By John R. VaccasddssdjfjjsdjkjasdjkasdjkjasjdComputer and Information Security Handbook By John R. VaccasddssdjfjjsdjkjasdjkasdjkjasjdComputer and Information Security Handbook By John R. VaccasddssdjfjjsdjkjasdjkasdjkjasjdComputer and Information Security Handbook By John R

Information and System Analysis Design

1572 words - 7 pages INFORMATION SYSTEM ANALYSIS AND DESIGN Introduction Information system analysis and design is a method used by organizations and corporations to create and maintain information systems that improve efficiency of business functions. The main goal is improvement of business functions through the application of software so that the efficiency of such functions is improved and made easier. The analysis and design of a system is dependent on

Risk and Option Analysis of Proposed Venture

1117 words - 5 pages Memorandum: ------------------------------------------------- Subject : Risk and Option Analysis of Proposed Venture Introduction With reference to the company’s new announced project about exploring the meeting market of Country A, we have some points which I think would be useful to consider before undertaking the project. Background: Rephrasing the whole project definition and scope as you provided in the annual

Risk Management (Case Study: Develop A Risk Management System For A Furnishing Company)

3012 words - 13 pages furniture.* All Fifeshire Furnishings fabric and leather selections reflect a commitment to uncompromising excellence today and in the future.(SGA847 Management of Risk, Learning Unit Profile, Case Study 6).B. RISK MANAGEMENT FOR FIFESHIRE FURNISHINGSI. RISK MANAGEMENT CONCEPTS1. The Purpose of Risk ManagementRisk management is a field of activity seeking to eliminate, reduce and generally control pure risks (such as from safety, fire, major hazards

Beth A Grillo - It540 Management Of Information Security - Assignment - Unit 2

297 words - 2 pages Unit 2 Assignment: Security Policy Implementation Beth A. Grillo, MHA, CPC-A July 19th, 2016 IT540-01: Management of Information Security Dr. Kenneth Flick Kaplan University Table of Contents Unit Two Assignment: Security Policy Implementation 3 Part 1: Step 29 3 Part 1: Step 36 3 Part 3: Step 33 4 Part 3: Significance of Strict Password Policy 5 Reference 6 Unit Two Assignment: Security Policy Implementation Part 1

Information Systems Analysis for British Airways vs. Easyjet

3309 words - 14 pages routes that require the large planes and those that need smaller planes. Additionally, the passenger populations help in planning for new travel routes (Auramo, Kauremaa, & Tanskanen 2005; Khosrowpour 1999). Thus, information serves a range of functions that allow a business entity to manage its business duties and processes simultaneously, and thus meet all their stakeholders’ needs. Also, information aids business integration processes by

To What Extent Is Security a Necessary Precondition for Development?

3117 words - 13 pages consideration of the latter, and not considered within this particular analysis. The third and final manifestation of this development instrumental link is where the ‘social contract’ has broken down between the state and its citizens. Each of these elements, it is put forward, lead to a breakdown of security, and thus conflict. Conflicts related to group motivation arise in situations where there are two distinct groups of people; one agitating for power

The Economic and Risk Analysis Division of the Sec

1120 words - 5 pages Nichole Schweitzer Professor Mathews ACCT 473 April 13, 2016 The Division of Economic and Risk Analysis: What Do They Do? The Division of Economic and Risk Analysis (DERA) is an integral part of the Securities Exchange Commission as it interacts with every other office and division in the SEC. In this paper, I will be discussing the role of DERA within the SEC, how it was formed, the multiple offices within DERA, and a program enacted by

QASCO's Health, Safety Management, And Risk Management Analysis

2776 words - 12 pages are reasonably practicable with all such revisions of provided information by virtue of preceding paragraphs in legislation and that anything gives rise to a severe risk for safety and health. And employers shall make a sufficient and suitable assessment of risks to the safe and health of their employees to which can be exposed while performing their duties. The recommendations given are also specifically in the context of the case organization

Related Essays

Risk And Protection Essay

1725 words - 7 pages presented to the Community Board, which discussed other considerations, such as the community's ability to have an impact on certain risk factors at this time. By consensus, the Community Board then selected the final priorities for prevention action in Elkhart County. Those priorities were presented to Key Leaders for endorsement. Report Overview The next section of the report provides detailed information and analysis of the risk factors

A Security Risk Management Approach For E Commerce.Pdf

2235 words - 9 pages A security risk management approach for e-commerce M. Warren School of Information Technology, Deakin University, Geelong, Australia W. Hutchinson School of Computer and Information Science, Edith Cowan University, Mt Lawley, Australia Keywords Electronic commerce, Risk analysis, Information systems Introduction Information systems are now heavily utilized by all organizations and relied upon to the extent that it would be

Hipaa And Information Security Essay

1176 words - 5 pages job, must undergo training so they understand the guidelines and the legal implications if they do not follow the law. All medical information must be transmitted in a secure and often encrypted manner so that it is not viewable by the public or those not privy to the information. Medical facilities and outside agencies must maintain security measures for their records management programs and they must make sure those programs are secure enough

Common Information Security Threats For Colleges

1440 words - 6 pages student and employee information at risk. While some attacks are directed at specific targets, most security threats are connected to unintentional or uninformed practices that open a back door. An unethical person will take advantage of this back door to gain access to a network. Value of Information The personal information of students and employees contained in a college database requires protection for numerous reasons. This data