The task is to carry out an information security risk, Ask an Expert

Engineering

The task is to carry out an information security risk assessment for an organization and develop an Information Security Strategy for that organization. This should include, at least:
a prioritized list of the risks identified (4 - 5 information risks) as follows:

i) Identify & analyse information risks with clear identification of assets, vulnerabilities and threats (TVA analysis). When you identify these risks make sure to classify them properly (for example, loss of information is a general risk, so you should clarify if it is loss of confidentiality, integrity or Availability).

ii) Give an estimate of single loss expectancy (SLE), annualized rate of occurrence (ARO) and then calculate the annualized loss expectancy (ALE). SLE & ARO should be justified form previous info. sec reports such as 2014 Information security breaches survey (http://www.pwc.co.uk/audit-assurance/publications/2014-information-security-breaches-survey.jhtml)
a list of specific controls that should be put in place, and any relevant guidance on how the controls should be implemented, along with clear rationales, in terms of costs and benefits, for the choices that have been made (see control examples).
an outline of the information security policies that should be established.

an audit strategy for the controls that have been proposed.

a suitable incident response plan.

You should make use of whatever accepted industry or international standards you feel are appropriate in carrying out this task, but either COBIT 5 or ISO 27000 series standards, or a combination of both are recommended.

If you feel that additional areas need to be addressed in the strategy, then please add them, with a brief explanation of why.

In selecting an organization to focus on, you may choose a specific organization with which one or more of your group are familiar. In the case where you choose an organization that not all of the group members are familiar with, you should clearly define the roles that each member of the group will take in the assignment work, bearing in mind the prior knowledge that each member has.

View complete question

Computer Engineering, Engineering

Category:- Computer Engineering
Reference No.:- M91607314

Have any Question?Write your Review or question?

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Recent Questions

Ask Computer Engineering Expert

Engineering

Related Questions in Computer Engineering

What are the key nonprice factors that influence demand and

Suppose i am designing a personnel database for a

In my sample database i need to use select statements to

A product is made up of three parts that act independently

Question research microwave serices and report on what

Suppose that you want an operation for the adt list that

Question you recently joined a local cyber security hackers

Suppose a firm is employing all its inputs so that the mrp

After reading the case presented in the module write a

An article in the wall street journal noted that an

Ask Experts for help!!

Looking for Assignment Help?

Why might a bank avoid the use of interest rate swaps even

Describe the difference between zero coupon bonds and

Compute the present value of an annuity of 880 per year

Compute the present value of an 1150 payment made in ten

Compute the present value of an annuity of 699 per year

Follow Us