Information Assurance Assessment and Evaluation Project Paper Outline

Introduction

An information security assessment determines how effectively the entity being assessed meets specific security objectives (Scarfone, Souppaya, Cody, & Orebaugh, 2008). The thesis statement is: an effective risk assessment is done by following the appropriate methods and procedures, which entails that organizations need to manage risk effectively to achieve business and strategic objectives, and that an effective risk assessment is done through technical testing, risk management evaluations, information assurance governance, and the security metrics relating to information systems. An information security risk assessment consists of a risk analysis, which identifies the sources of risk and estimates the risk, followed by a risk evaluation, which compares the estimated risk against defined criteria to determine its significance (Wangen, 2017). Information security risk management aims to protect a company's information from security threats using effective and cost-efficient methods (Webb, Maynard, Ahmad, & Shanks, 2016). Its objectives are to rank security threats according to their impact and probability of occurrence, to determine risk mitigation according to the organization's level of preparedness for each threat, and to relate the observed occurrence and impact of security threats to that preparedness (Sumner, 2009). Information assurance relates to confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability as they bear on information security risk assessments (Shamala, Ahmad, Zoliat, & bin Sahib, 2015).

Discussion

Governance

Organizational security governance objectives have developed in response to an ever-increasing vulnerability arising from the misuse or absence of appropriate controls. Organizational governance of information technology deals with the responsibilities and practices of higher-level management in providing strategic direction so that risks are managed accordingly and organizational resources are used appropriately (Mishra, 2015). Information security is closely related to IT governance, for which the protection of information assets is an important objective (Flores, Sommestad, Holm, & Ekstedt, 2011). The information security governance literature addresses the changing threat landscape, the organizational impact of information compromised through security breaches, and the need for higher-level roles and appropriate governance structures for information security (Williams, Hardy, & Holgate, 2013).

Security Strategy

Companies need to employ strategies that direct their security efforts and make the best use of limited resources. The strategies considered are deterrence, prevention, surveillance, detection, response, deception, perimeter defense, compartmentalization, and layering. Prevention protects information assets from attack by prohibiting unauthorized access, modification, destruction, or disclosure. Deterrence employs disciplinary consequences to influence human behavior and attitudes. Surveillance monitors the security environment to build situational awareness of fast-changing circumstances and threats. Detection is an operational-level strategy that identifies attacks and incidents as they occur. Response takes corrective action against identified threats. Deception diverts an attacker's attention. Perimeter defense creates a boundary around information assets. Compartmentalization separates assets so that an attacker who breaches one has limited opportunity to reach the rest. Layering combines multiple countermeasures so that the defense does not depend on any single one (Ahmad, Maynard, & Park, 2014).
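The risk analysis and risk evaluation steps described in the introduction (estimate risk from probability and impact, credit the existing level of preparedness, compare the result against an acceptance criterion, and rank threats for treatment), together with the quantitative compliance metric discussed under Security Metrics, worked through as an added Python example. This code is not from the essay or from any of the cited papers; the 1..5 ordinal scales, the acceptance threshold of 6, the way preparedness is credited against probability, the risk bands, and the sample threats and control test results are all assumptions constructed for illustration.

```python
"""Worked risk evaluation over a small constructed risk register.

Added example; the scales, the acceptance criterion, the preparedness
model and the sample data are assumptions, not from the essay or its
sources.
"""
from dataclasses import dataclass

PROB_MAX = 5      # assumed ordinal scale for probability of occurrence
IMPACT_MAX = 5    # assumed ordinal scale for business impact
PREP_MAX = 4      # assumed scale for preparedness (0 = no controls)
RISK_ACCEPTANCE = 6  # assumed criterion: residual risk above 6 must be treated


@dataclass(frozen=True)
class Threat:
    name: str
    probability: int   # 1..5, how likely the threat is to occur
    impact: int        # 1..5, consequence if it does occur
    preparedness: int  # 0..4, effectiveness of controls already in place


def validate(t: Threat) -> None:
    """Reject scores outside the assumed ordinal scales."""
    if not 1 <= t.probability <= PROB_MAX or not 1 <= t.impact <= IMPACT_MAX:
        raise ValueError(f"{t.name}: probability and impact must be within 1..5")
    if not 0 <= t.preparedness <= PREP_MAX:
        raise ValueError(f"{t.name}: preparedness must be within 0..4")


def inherent_risk(t: Threat) -> int:
    """Risk analysis step: estimate risk as probability x impact (1..25)."""
    return t.probability * t.impact


def residual_risk(t: Threat) -> int:
    """Risk remaining once existing controls are credited.

    Modeling assumption: preparedness lowers the effective probability,
    never below 1, but leaves the impact unchanged, so a well-controlled
    threat still carries a floor of risk proportional to its impact.
    """
    effective_probability = max(1, t.probability - t.preparedness)
    return effective_probability * t.impact


def risk_band(score: int) -> str:
    """Qualitative label for a quantitative score (assumed bands)."""
    if score >= 15:
        return "high"
    if score > RISK_ACCEPTANCE:
        return "medium"
    return "low"


def evaluate(register: list[Threat]) -> list[dict]:
    """Risk evaluation step: compare each estimated risk against the
    acceptance criterion and rank threats for treatment, highest first."""
    rows = []
    for t in register:
        validate(t)
        residual = residual_risk(t)
        rows.append({
            "name": t.name,
            "inherent": inherent_risk(t),
            "residual": residual,
            "band": risk_band(residual),
            "decision": "treat" if residual > RISK_ACCEPTANCE else "accept",
        })
    return sorted(rows, key=lambda r: (-r["residual"], -r["inherent"], r["name"]))


def compliance_rate(results: dict[str, bool]) -> float:
    """Quantitative security metric: fraction of requirements that pass."""
    if not results:
        raise ValueError("no requirements to measure")
    return sum(results.values()) / len(results)


# Constructed sample register (not real assessment data).
REGISTER = [
    Threat("Phishing leading to credential theft", 5, 4, 2),
    Threat("Ransomware on file servers", 3, 5, 1),
    Threat("Insider disclosure of customer data", 2, 4, 0),
    Threat("Public website defacement", 3, 2, 3),
    Threat("Loss of an encrypted laptop", 4, 1, 4),
]

# Constructed control test results feeding the compliance metric.
CONTROL_RESULTS = {
    "MFA enforced for remote access": True,
    "Backup restore exercised in the last quarter": False,
    "Critical patches applied within 30 days": True,
    "Security awareness training completed": True,
}

if __name__ == "__main__":
    for row in evaluate(REGISTER):
        print(f"{row['name']:<40} inherent={row['inherent']:>2} "
              f"residual={row['residual']:>2} {row['band']:<6} {row['decision']}")
    print(f"compliance: {compliance_rate(CONTROL_RESULTS):.0%}")
```

Multiplying ordinal scores is common practice but crude: a 12 is not "twice as risky" as a 6, and the acceptance threshold, the scales and the credit given to preparedness should be agreed with management as part of the risk criteria before any scores are produced, otherwise the ranking merely reflects the assessor's assumptions.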

Security Metrics

Applying security metrics to security performance helps measure the effectiveness of controls and identify areas for improvement (Nichols & Sudbury, 2006). Information security metrics may be quantitative or qualitative. Quantitative metrics measure the degree of compliance with security requirements on a numeric scale; qualitative metrics describe the state of compliance with information security requirements or track progress without one. Risk analysis and risk management should be based on quantitative performance metrics (Ryan & Ryan, 2008).

Conclusion

The research supports the thesis statement: all of these areas bear on the effectiveness of an information security risk assessment. No recommendations are made regarding the thesis statement. The key takeaway is that the need for risk assessments is pertinent to any type of organization, especially where information technology is concerned.

References

Ahmad, A., Maynard, S. B., & Park, S. (2014, April). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370. http://dx.doi.org.ezproxy2.apus.edu/10.1007/s10845-012-0683

Flores, W. R., Sommestad, T., Holm, H., & Ekstedt, M. (2011, September). Assessing future value of investments in security-related IT governance control objectives: Surveying IT professionals. Electronic Journal of Information Systems Evaluation, 14(2), 216-227. Retrieved from ProQuest (900110402).

Mishra, S. (2015). Organizational objectives for information security governance: A value focused assessment. Information and Computer Security, 23(2), 122-144. Retrieved from ProQuest (1786145771).

Nichols, E. A., & Sudbury, A. (2006, September). Implementing security metrics initiatives. The EDP Audit, Control, and Security Newsletter, 34(3), 10-20. Retrieved from ProQuest (234907761).

Ryan, J., & Ryan, D. (2008, October 7). Performance metrics for information security risk management. IEEE Security & Privacy, 6(5). ISSN 1540-7993. doi:10.1109/MSP.2008.125

Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. (2008, September). Technical guide to information security testing and assessment. National Institute of Standards and Technology, 1-80. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

Shamala, P., Ahmad, R., Zoliat, A. H., & bin Sahib, S. (2015). Collective information structure model for information security risk assessment (ISRA). Journal of Systems and Information Technology, 17(2), 193-219. Retrieved from ProQuest (1683489669).

Sumner, M. (2009). Information security threats: A comparative analysis of impact, probability, and preparedness. Information Systems Management, 26(1), 2-12. doi:10.1080/10580530802384639

Wangen, G. (2017, April). Information security risk assessment: A method comparison. Computer, 50(4), 52-61. doi:10.1109/MC.2017.107

Webb, J., Maynard, S. B., Ahmad, A., & Shanks, G. (2016, November). Foundations for an intelligence-driven information security risk management system. Journal of Information Technology Theory and Application, 17(3), 25-50. Retrieved from ProQuest (1877763973).

Williams, S. P., Hardy, C. A., & Holgate, J. A. (2013, December). Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective. Electronic Markets, 23(4), 341-354. http://dx.doi.org.ezproxy2.apus.edu/10.1007/s12525-013-0137-3
