Friday, May 1, 2020
Information Security Policies-Free-Samples for Students-Myassignment
Question:

Discuss IT Security Management.

Answer:

Identification and Ranking of Assets

Various important information assets were involved in completing the assignment and in exceeding expectations in my academic performance. The information assets involved in completing this assignment are given below:

- People
- Data and Information
- Software
- Hardware

According to the priority of the assets, they are listed below:

| Information Assets | Criterion 1: Contribution to me | Criterion 2: Contribution to my academic performance | Weighted Score |
|---|---|---|---|
| Criterion Weight (1-100) | 40 | 60 | |
| Software | 1.0 | 1.0 | 100 |
| Hardware | 0.9 | 0.9 | 90 |
| Data and Information | 0.7 | 0.8 | 75 |
| People | 0.5 | 0.3 | 40 |

The software and hardware are the most important information assets that were required for the completion of this assignment. Next come the data and information, which rank third in my asset ranking. The weighted score of this particular asset is 75. This information and data were extremely important for understanding the value of the assignment and also for my academic performance. The final information asset is the people. It has a weighted score of 40.

Threats

Threats are the risks to which any person or asset is most vulnerable. For this assignment, there are a few threats that can affect my group if the assignment is not completed. These threats, with examples, are given below:

| Threats | Examples |
|---|---|
| Compromise to intellect | Piracy, copying |
| Deviation in quality in our group performance | Failure |

There are a few threats for me as well if I am not able to participate fully in the assignment. They are as follows:

| Threats | Examples |
|---|---|
| Compromise to my intellect and knowledge | Less marks, lack of knowledge |
| Deviation in my career | Failure |

Threat Vulnerability Assessment Worksheet

There are a few possible vulnerabilities for all the threats identified for me and my group members. They are listed below:

| Threats | Possible Vulnerabilities |
|---|---|
| Compromise to intellect | Due to unsatisfactory completion of the assignment, our career would be affected. |
| Deviation in quality in our group performance | Even if one person does not work properly, the entire group performance would be hampered. |
| Compromise to my intellect and knowledge | If I am not able to participate in the assignment completely, it would affect my intellect and knowledge. |
| Deviation in my career | If I am not able to learn anything new, there would be a straight downfall in my career. |

The Threat Vulnerability Assessment Worksheet, or TVA worksheet, gives a clear view of the priority of threats to the various assets.

| | Software | Hardware | Data and Information | People |
|---|---|---|---|---|
| Compromise to intellect | | | | |
| Deviation in quality in our group performance | | | | |
| Compromise to my intellect and knowledge | | | | |
| Deviation in my career | | | | |
| Priority of Controls | 1 | | 2 | |

Risk Worksheet

Severity levels:

- Negligible: small/unimportant; not likely to have a major effect on the operation of the event / no bodily injury to requiring minor first aid injury
- Marginal: minimal importance; has an effect on the operation of event but will not affect the event outcome / requires medical treatment
- Critical: serious/important; will affect the operation of the event in a negative way / suffers serious injuries or medical treatment of minors
- Catastrophic: maximum importance; could result in disaster/death; WILL affect the operation of the event in a negative way / death, dismemberment or serious injury to minors

Probability levels:

- LOW: This risk has rarely been a problem and never occurred at a college event of this nature
- MEDIUM: This risk will MOST LIKELY occur at this event
- HIGH: This risk WILL occur at this event, possibly multiple times, and has occurred in the past

| Probability | Negligible | Marginal | Critical | Catastrophic |
|---|---|---|---|---|
| LOW | Compromise to intellect (1) | Deliberate Software Attacks (4) | Technological Obsolescence (6) | Act of human error or failure (10) |
| MEDIUM | Compromise in my knowledge and intellect (2) | Technical Hardware Failures (5) | Deliberate acts of information extortion (8) | Deviation in the quality in our group performance (11) |
| HIGH | Technical software failures or errors (3) | Deliberate acts of theft (7) | Deliberate acts of sabotage or vandalism (9) | Deviation in career (12) |

| List All Activities (your activity name) | Associated Risk(s) (risk(s) associated with the activity) | Severity (level of impact on the trip and students) | Probability (the chances of that risk happening) | Risk Score (found by combining impact and probability on the risk matrix) |
|---|---|---|---|---|
| Meeting all requirements | 1. Sending wrong deliverables. 2. Not understanding requirements | 1. Negligible 2. Negligible | 1. Low 2. Low | 1. Low 2. Low |
| Completing within deadline | 1. Not meeting all requirements. 2. Stuck on any particular step | 1. Critical 2. Medium | 1. Low 2. Medium | 1. Medium 2. High |
| Group participation | 1. Absence of any one group member. 2. Reduction in quality and efficiency. | 1. Catastrophic 2. High | 1. Low 2. Critical | 1. High 2. |

Risks Control and Residual Worksheet

| Activities | Identified Risks | Initial Risk Level | Develop Controls | Residual Risk Level | Management Strategy |
|---|---|---|---|---|---|
| 1. Meeting all requirements | 1. Sending wrong deliverables | Low | Resending the deliverables | Critical | Checking with the supervisor and sending new deliverables. |
| | 2. Not understanding requirements. | Negligible | Asking the supervisor or other team members | High | Immediately clarifying with the seniors, supervisor or team members |
| 2. Completing within deadline | 1. Not meeting all requirements. | Critical | Asking for more time. | High | Asking the supervisor for more time to complete it properly by fulfilling all requirements. |
| | 2. Stuck on any particular step | Medium | Taking help from supervisor. | Low | Taking help from supervisor or other team members. |
| 3. Group Participation | 1. Absence of any one group member. | Catastrophic | Contacting him or her. | Low | Trying to contact that group member |
| | 2. Reduction in quality and efficiency | High | Trying to make up the loophole in quality and efficiency. | High | Immediately trying to add another group member to manage the lack of quality and efficiency. |