This 0 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 18 views.
Date Created: 11/09/15
PHASE II

Case Study Phase II
Brian Page
American Military University

Introduction

Managing the security risks associated with the growing business and personal reliance on information technology is a continuous process. Private organizations have struggled for years to find more efficient ways to manage risk and to ensure that they understand the risks associated with using information technology and their reliance on it. Information Technology indeed has the fastest rate of development and application in businesses around the world. It requires constant monitoring and protection in order to provide the highest level of security.

Methodology

The methodology chosen for the Risk Assessment of the Falcons Nest Bowling Center is the Qualitative Method, using methodologies and best practices from NIST. My reasoning is simple: given the time it would take to calculate the costs, the likelihood that the risks discovered could occur is more relevant. Probability and impact of the risks are more relevant than the actual costs incurred if the risk was to occur. The development of mitigations for the risks that are discovered is more important to the process and the business.

There are nine steps that I systematically follow when conducting this type of Risk Assessment. They are: characterization, threat identification, vulnerability identification, control analysis, likelihood of exploitation, impact, risk determination, recommendations for control, and results. One of the requirements that must be met is that information relevant to the systems must be collected, such as specific hardware, software, interfaces, processes, data, and information. This information is critical in determining the sensitivity of the systems and what they need to be protected. In threat identification, the threats to the systems are identified and classified into three main categories: natural, human, and environmental.

The Risk Assessment Process looks at the business as a whole: organizational and management practices, Personnel, Physical Security, Data Security, Information Integrity, Software Integrity, Personal Computer Security, Network Protection, and Incident Response are all a part of it. There are no specific requirements for risk assessments when it comes to methodologies. The Risk Assessment team must use their experience in conducting assessments to determine the best course of action for the company or business that they are assessing.

Another thing to consider is that, once the results are given, the organization must consider the limitations of the assessment and be objective in the implementation. Recommendations are given by the Risk Assessment, but sometimes the drawbacks of implementing a recommendation outweigh the benefits. The goal is to provide the organization with maximum flexibility when presenting the options to mitigate the risks identified in the risk assessment.

There are many methods that can be used to conduct risk assessments; the assessor must tailor the assessment to the needs of the organization or company that is being assessed. For the Falcons Nest Bowling Center, the best approach and methodology is the Qualitative method, due to the inability of the assessor to gain access to the specific information needed for the quantitative process, such as cost.

References Cited

Gallagher, P. (2012, September 1). Information Security. Retrieved November 17, 2014, from http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

Gibson, D. (2011). Managing risk in information systems. Sudbury, Mass.: Jones & Bartlett Learning.