September 2023 Business Finance Assignment
Module 1 – Case
Information Systems have become the foundational platforms for many organizations and businesses to carry out their missions and business functions. Hence, managing the security risk related to the use and operation of the information systems has also become a critical component of managing organizational risks. The following article provides an overview of managing information security risk, especially from the managerial perspective.
NIST (2011), “Managing Information Security Risk — Organization, Mission and Information System View,” National Institute of Standards and Technology Special Publication 800-39.
Effective risk management of information system security first requires systematic risk assessment. The following article provides frameworks, fundamentals, and processes for risk assessment. Matrices are also suggested to guide detailed risk assessment of threats, their likelihood, their impacts, etc.
NIST (2011). Information Security — Guide for Conducting Risk Assessments. National Institute of Standards and Technology Special Publication 800-30 Revision 1.
The following chapter in the Handbook of Information Security Management also covers similar topics, such as the risk assessment of threats and likelihood, qualitative and quantitative considerations of risk assessment, and even some accounting methods. Although the sources use slightly different terminology, the fundamentals and methods are similar.
Ozier, W. Section 3-1—Risk Analysis. Handbook of Information Security Management.
After reading the above articles (the first two are lengthy documents; please read the important content selectively rather than word-by-word), please write a 3-5 page paper titled:
“How to Systematically Conduct Risk Assessments of Information System Security Risks? — Fundamentals and Methods”
Please address the following issues in your paper:
- The importance of risk management for information system security
- The principles and fundamentals of risk management of information system security
- The importance and fundamentals of risk assessment of information system security
- The methods of risk assessment, including processes, matrices, calculations, etc.
- The challenges and solutions to risk assessments that are particularly interesting to you