[Jessica Jagerson]

As a Systems Security Officer, why is risk management important?  Be sure to address the importance of protecting assets, measuring the threat to those assets, and how the controls address the level of risk.

Use at least three of the terms discussed in this chapter in your response.  Use the text and examples from the video in your response.

[Kelly Crooks]

Risk management is essential as a Systems Security officer because it is our job to protect our clients and customers’ assets from threats. Those threats can include internal and external threats as well as skilled and unskilled agents, and natural events. Threats also come in the form of hackers, a worm seriously degrading the performance of a network, violation of security and user privacy, and many other threats.

Protecting assets is important because those clients and customers count on us to protect their information and data. Assets can be vulnerable to attacks due in part to a lack of access control. poop procedures and lack of training. Other vulnerabilities include a lack of understanding of the security protocols used, a lack of communication structure, not being able to respond quickly to an attack or threat, and misuse of access by authorized users.

Controls used in risk management and asset protection are things that are put in place between threats and assets.IT countermeasures include things like firewalls, smart cards, and antivirus software. Non-it countermeasures can be put into place as well such as guards and procedures, implementing regular security training, and awareness training for employees.

[Marcena Davis]

It’s amazing to see the level of dedication and attention to detail that goes into being a Systems Security officer. The range of threats that can compromise the security of assets is truly staggering, from internal to external, skilled to unskilled agents, and even natural events. It’s clear that protecting assets is crucial to maintaining the trust of clients and customers who depend on their information and data being safeguarded. It’s interesting to see the various vulnerabilities that can exist within a system, such as a lack of access control or communication structure. It’s reassuring to know that risk management controls are in place, including both IT and non-IT countermeasures like firewalls, smart cards, and regular security training. It’s clear that being a Systems Security officer is a complex and challenging role, but one that is essential in today’s digital age.

[Kevin Mehok]

Hey Kelly,

How are you sir. I think the oversight, if you will, of the range of threats is far too often overlooked, or not fully calculated. Asset Management needs to be fully implemented before a protection plan can be put into place.

The segment in my opinion is understanding two folds, why are we protecting it, and from what? If we do not assess the value first, we could be paying too much.

God Bless,

Kevin

[Marcena Davis]

Risk management is an important part of an organization’s security strategy, as it helps to identify, assess, and prioritize potential threats and vulnerabilities to assets.

One of the key reasons why risk management is important is that it enables the organization to protect its assets. Assets can be anything that is of value to the organization, such as hardware, software, data, or intellectual property. By identifying the assets that are most critical to the organization, the Systems Security Officer can determine what controls are needed to protect those assets from potential threats.

Another reason why risk management is important is that it allows the Systems Security Officer to measure the threat to those assets. Threats can come from a variety of sources, such as malicious insiders, hackers, natural disasters, or human error. By assessing the likelihood and impact of these threats, the Systems Security Officer can prioritize which risks need to be addressed first and allocate resources accordingly.

Finally, risk management is important because it allows the Systems Security Officer to determine how the controls address the level of risk. Controls are measures taken to reduce the likelihood or impact of a threat, and they can be administrative, technical, or physical in nature. By selecting and implementing appropriate controls, the Systems Security Officer can mitigate the risk to an acceptable level.

[Kelly Crooks]

Marcena, nice to be in class with you again! I remember a bit of this information from one of my previous courses. Do you have experience with risk management in IT? Really the only experience that I have with risk management asserts, and threats are keeping my company information and customer information safe when I enter into the POS program and Quickbooks. Even though I only have one location there are several controls that I have in place to keep that information and data safe, especially because I switched over to cloud-based storage.

[Kevin Mehok]

IST3011 Information Systems Security Officer
Week One
Assignment #2
Week One Discussion
Kevin Mehok

Hey Class,
I am not 100% sure as to what it is that we needed to discuss; however, I was super interested in reading content in Chapter Two regarding ISMS (Information Security Management System). I feel this will someday be our responsibility to understand, design, and implement Information Security at a high level. This is why I have selected this topic to discuss with our class.
Let’s begin with a structure, shall we? Everything starts with Senior Management and their support. The Senior Management ultimately needs to approve the policy or policies that Information Security aims to put in place.
Next the team with Senior management must agree on a budget. This budget will be a benchmark as to programs, training modules, and staffing resources can be put in place. Far too we immediately think about technology and hardware. Remember, Information Security protects what is already in place. Therefore, the budgeting, at least initially speaking, is not about new hardware, but the support around it.
Thirdly we may consider the team’s resources. Who is currently on the team, what resources may be allocated to conduct and lead training. One of the greatest resources our organizations can possibly have may come down to ‘awareness’ and ‘educated responses’ in the event of a cyber or digital attack.
Finally, Senior Management and Information Security team must be aligned with the proper authority. Such authority comes down to access, and gate keeping. Who and what are to be labeled as the gate keeper and hold permission levels to such authority.
Once the team assembles these steps, we can then establish a Security Framework. This is more or less a structured outline of the agreed policies, budget, resources, and authority. It is important to create a clear and concise Security Framework.
Now, class we can roll out Program Management. Program Management revolves around the teams goals, deliverables, and meaningful timelines. Perhaps, the response times will be tweaked, so new goals with be set. Perhaps additional security or controlled access with be required for deliverables. Lastly, maybe internal operations with coordinate specific deadlines that may impact our team’s timeline.
That’s all I’ve got.
God Bless,
Kevin

[Kevin Mehok]

Marcena,

I have been wondering how you have been doing. Risk Management is a team effort and requires the entire organization to be aware of gate keeping and understanding the core needs of the unit first and foremost.

I feel that the entire needs to be aware of what needs to be protect and a clearly defined in a way as to what is being insured.

God Bless,

Kevin

[Kanthony]

Hi Kevin,
The question for each discussion is at the top of that discussion. This one starts with ….”As a Systems Security officer…..” Please email me if you can’t find these questions. ~Dr. Anthony

[Kevin Mehok]

Hey Class,

We will soon need to understand the value of implementing solid steps to IT Risk Management.
I feel that IT risk management is the application of risk management methods to information technology to manage the risks inherent in that space (Bridges, 2019). I have learned this week that in order to do that means assessing the business risks associated with the use, ownership, operation and adoption of IT in an organization (Bridges, 2019). If we can work together and discuss the following steps in order to manage risk with confidence, or not (Bridges, 2019).

1. Identify the Risk
We can’t prepare for risk without first figuring out, to the best of our abilities, where and when it might arise (Bridges, 2019). Therefore, both manager and team must be alert to uncovering and recognizing any risks, then detailing them by explaining how they might impact the project and outcomes (Bridges, 2019). One method is using an IT risk assessment template (Bridges, 2019).

2. Analyze the Risk
Once we’ve identified risk, we then must analyze it and discern if it’s big, small or minimal in its impact (Bridges, 2019). Also, what would be the impact of each of the risks? Study the risk and how it might influence the project in various ways. We’ll add these findings to our risk assessment (Bridges, 2019).

3. Evaluate and Rank the Risk
Once we evaluate the impact of risks and prioritize them, we can begin to develop strategies to control them (Bridges, 2019). This is done by understanding what the risk can do to the project, which is determining the likelihood of it occurring and the magnitude of its impact (Bridges, 2019). This is a massive piece of assessment evaluation. Then we can say that the risk must be addressed or can be ignored without faulting the overall project (Bridges, 2019). Again, these rankings would be added to our risk assessment.

4. Respond to the Risk
After all this, if the risk becomes an actual issue, then we’re no longer in the theoretical realm (Bridges, 2019). It’s time for action. This is what’s called risk response planning in which we can take our high-priority risks and decide how to treat them or modify them, so they place as a lower priority (Bridges, 2019). Risk mitigation strategies apply here, as well as preventive and contingency plans. Add these approaches to our risk assessment (Bridges, 2019).

5. Monitor & Review the Risk
Once we act, we must track and review the progress of mitigating the risk. Use our risk assessment to track and monitor how our teams are dealing with the risk to make sure that nothing has been left out or forgotten (Bridges, 2019).

God Bless,

Kevin

References:

Bridges, J. (2019) https://www.projectmanager.com/training/it-risk-management-strategies

[Author]

Posts