
Isec 300, Homework 04


Submitted By Iago
1. (Whitman & Mattord, 2011, p. 167) What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?
According to Whitman, risk management is the process of identifying risk, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level. The identification of risk, by listing assets and vulnerabilities, is so important to the risk management process because the identification stage allows managers or information security professionals to identify the organization’s information assets, classify them into useful groups, and prioritize them according to their importance to the organization. Every risk is worth considering because it can have a serious impact on the organization’s operations. However, identifying risks is very important because it gives an organization the opportunity to see which risks can cause significant damage so that the organization can tackle those risks first.
2. (Whitman & Mattord, 2011, p. 167) Why do networking components need more examination from an information security perspective than from a systems development perspective?
Networking components need more examination from an information security perspective than from a systems development perspective because they are the most vulnerable points through which most attacks on an organization’s system occur. Hackers exploit networking components to find their way into the system. If an organization’s networking components, such as routers, serial number, physical and logical location, and IP address, are poorly secured, they serve as potential opportunities for hackers to gain access to the system and compromise the organization’s information confidentiality, integrity, and
