Information security management Essay Example | Topics and Well Written Essays - 2500 words - 1

Information security management - search ExampleTaking a step back, there is value in situating a risk appraisal process for write up Company in the context of a cycle for managing risks. The chart below situates this special(a) exercise for Accounting Company in terms of a cycle that includes the (1) assessment of risks and determination of involve (2) the implementation of controls and policies (3) the promotion of awareness and (4) monitoring and evaluation all occurring within the context of a telephone exchange point of focus (United States General Accounting Office 6)Meanwhile, a compilation of risk assessment approaches for breeding security that is taken from best practices of many different top organizations in the US has distilled the most authorised elements of an effective security risk assessment as follows (1) the naming of threats that could significantly impair crucial assets and operations (2) estimation of the likelihood of the occurrence of such identified threats (3) the identification and prioritization of assets and operations in order to memorise the most crucial assets and operations to protect in cases of the occurrence of the identified threats 4) the estimation of probable losings in the event of the occurrence of the threats, to included losses from the costs of recovery, for the most important assets and operations (5) the identification of interventions for risk mitigation, where the emphasis is on the cost-effectiveness of such interventions and (6) the documentation of the results and the development of a plan of action (General Accounting Office 6).To be sure, while the above outlines a generic information security risk assessment approach that is the common denominator for all kinds of effective, best practice, approaches, the literature actually details many different kinds. Including a matrix approach (Goel and Chen), and many other different best practice