Here is the synopsis of our sample research paper on RISK ASSESSMENT, ANALYSIS AND STRATEGIES FOR INFORMATION SYSTEMS. Have the paper e-mailed to you 24/7/365.
Essay / Research Paper Abstract
This 4-page paper discusses risk assessment and strategies for protection of an information system. Bibliography lists 4 sources.
Page Count:
4 pages (~225 words per page)
File: AS43_MTisriskco.doc
Buy This Term Paper »
Unformatted sample text from the term paper:
month that doesnt go by when there is some announcement of some data breach in some company. Nor is there a month that goes by without some mention of some
potentially problematic new virus or Trojan Horse. Companies spend a great deal of money ensuring the safety of their data - yet these breaches still occur. The key to ensuring
the breaches are kept to a minimum involves a proper identification, assessment and analysis of risk, and then a policy to minimize risk.
Mouratidis et al (2008) point out that indentifying and preventing risk involves network security specialists considering the costs and benefits of preventing a particular type of risk, identifying priorities in
the organization, and then ranking the risks based on most probable to least probable, before moving on from there. Smedinghoff (2010) goes
one step further, pointing out that legalities also get into developing an information security program. As such, to assess risk, companies need to identify information and system assets and conduct
periodic risk assessments (Smedinghoff, 2010). Such periodic assessments include identifying specific threats to assets (i.e., analyzing vulnerabilities and estimating resulting harm if the threat materializes); identify and implement security controls;
monitor and test the program to ensure implementation and operations are effective and review and adjust the programs/security assessment in response to ongoing changes (Smedinghoff, 2010).
The above is great in theory - identify vulnerabilities, identify potential threats, the results of those threats, and the cost to the organization. The problem, however,
is that the real world doesnt allow for compartmentalization based on what Smedinghoff and others suggest. For example, in many cases, the IT people are not certain exactly what the
...