Sunday, May 24, 2020

Security Risk Management Plan Essay - 2013 Words

SECURITY RISK MANAGEMENT PLAN

Prepared by Jeremy Davis

Version control

Project title | Security Risk Management Plan Draft
Author | Jeremy Davis
VC | 1.0
Date | 25/10/10

Contents

* Executive summary
* Project purpose
* Scope of Risk management
* Context and background
* Assumptions
* Constraints
* Legislation/Standards/Policies
* Risk management
* Identification of risk
* Analysis of risk
* Risk Category
* Review of Matrix
* Action plan
* Testing Procedures
* Maintenance
* Scheduling
* Implementation
* Training
* Milestones
* Monitoring and review
* Definition
* Authorisation
* Reference

Executive summary

A Security Risk Management Plan (SRMP) helps CBS … This is achieved through the assessment of the business, operations, staff, assets, risks, legislation, standards and policies.

Context and background

Definition of Risk management

The analysing of risks and implementation of risk controls to minimise and prevent risks from occurring to the business.

Assumptions

Assumptions that the business may be working to must be identified in order to understand and gather more information. Assumptions are what the project team expects to have, or to be made available, throughout the program.

* SRMP approved
* SRMP implemented strategies are tested and are successful
* SRMP meets requirements

Constraints

Constraints are usually a list which provides the limitations and restrictions that the project team may encounter.

* Budget issues
* Must check if plan meets legislation, standards and policies
* Approval of the Security Risk Management Plan may be delayed
* Implementation of strategies

Legislation/Standards/Policies

When considering risk management, you must state the legal and regulatory framework. You must identify it in order to follow and meet the requirements for the Security Risk Management Plan:

* ‘Australian/New Zealand Risk Management 4360 1999’
* Standard ISO/IEC 27002 Information technology — Code of practice for information security management
* Standard ISO/IEC 27004 Information technology — Information…
