Section 4 Professor's Notes: You did a fair job on the Unit Four IP assignment. You described a methodology that can be used to conduct a risk assessment for an organization. You did not describe the 4 methods for dealing with identified risk. This was discussed in the CHAT session (Accept, Transfer, Mitigate, Avoid). You explained what Vulnerabilities, Threats & Exploits are. You also included a discussion about how they apply to a risk assessment. You made some good use of APA. You have a lot of references from Wikipedia, which is not an approved scholarly source. All references should be in APA format as well. Please remove these and replace them with scholarly references. You have met all of the other requirements for this assignment.
Section 5: Controlling Risk
- Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
- Human resources: Hiring and termination practices
- Organizational structure: A formal security program
- Security policies: Accurate, updated, and known or used
- Access control: Least privilege
- System architecture: Separated network segments
- System configurations: Default configurations
- Heating and air conditioning: Proper cooling and humidity
- Flood: Data center location
- Once you have described the tests that will be conducted for each, assume that failures or holes were found in each of them.
- Next, describe at least 3 safeguards for each that could be put in place to address the risk.
Section 4: Assessing Risk
This week will focus on understanding the risk that an organization’s information systems face. You will review the risk assessment methodology and understand some of the basic terms that are associated with risk.
Describe a methodology that can be used to conduct a risk assessment for an organization.
Describe the 4 methods for dealing with identified risk.
Describe the following terms: vulnerabilities, threats, and exploits.
Include a discussion about how they apply to a risk assessment.
Section 3: Security Policies
Include appropriate examples of the following:
Include a distribution plan.
Section 2: Security Program
Create a data classification scheme.
Include at least 3 levels.
Discuss the need for management support.
Describe the security organization, including reporting structure.
Discuss reporting methods that are used to inform management of the program status.
Section 1: Information Security Management
Describe an organization of your choosing, for which you will implement a security program.
Describe the principles of security management, including the following:
Describe the role of project management with respect to implementing security management.
Describe how you plan to instill a secure mentality into an organization, including a tie-in to the project management discussion about when security concepts should be introduced into the project lifecycle.
I only need section 4 corrected and section 5 completed, but I posted the other sections' information just FYI.