Information Assurance Assessment and Evaluation Project Paper Outline

Introduction

An information security risk assessment focuses on the effectiveness of the entity being assessed (Scarfone, Souppaya, Cody, & Orebaugh, 2008). The thesis statement is: "An effective risk assessment is done by following the appropriate methods and procedures," which entails that organizations need to manage risk effectively to achieve business and strategic objectives, and that an effective risk assessment is done through technical testing, risk management evaluations, information assurance governance, and the security metrics relating to information systems.

The information security risk assessment consists of a risk analysis that identifies sources and estimates risk, followed by a risk evaluation. A risk evaluation compares the estimated risk against certain criteria to determine its relevance (Wangen, 2017). Information security risk management aims to protect a company's information from a range of security threats using effective and cost-efficient methods (Webb, Maynard, Ahmad, & Shanks, 2016). The objectives of risk management are to assess security threats according to their impact and probability of occurrence, to determine risk mitigation according to the level of preparedness for information security threats, and to determine the extent of occurrence and impact of security threats as it relates to preparedness (Sumner, 2009). Information assurance, as it relates to information security risk assessments, covers confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability (Shamala, Ahmad, Zoliat, & bin Sahib, 2015).

Discussion

Governance

The development of organizational security governance objectives has resulted from an ever-increasing vulnerability arising from the misuse of appropriate controls. Organizational governance of information technology deals with the responsibilities and practices of higher-level management in providing strategic direction so that such risks are managed accordingly and organizational resources are used appropriately (Mishra, 2015). Information security is closely related to IT governance, as an important objective of governance is ensuring the protection of information assets (Flores, Sommestad, Holm, & Ekstedt, 2011). The information security governance literature relates changing threat landscapes to the organizational impact of information compromised through security breaches, and to the need for higher-level roles in information security and for appropriate governance structures (Williams, Hardy, & Holgate, 2013).

Security Strategy

Companies need to employ strategies that direct their security efforts and optimize their limited resources. The strategies that will be used are deterrence, prevention, surveillance, detection, response, deception, perimeter defense, compartmentalization and layering. Prevention protects information assets from an attack by prohibiting unauthorized access, modification, destruction or disclosure. Deterrence employs disciplinary actions to influence human behavior and attitude. Surveillance monitors the security environment to develop situational awareness of fast-changing circumstances and threats. Detection is an operational-level strategy. Response takes corrective action against identified threats. Deception distracts an attacker's attention. Perimeter defense creates a boundary around informational assets. Compartmentalization reduces an attacker's opportunity. Layering uses multiple countermeasures to increase the effectiveness of the defense (Ahmad, Maynard, & Park, 2014).