Security Risk Management Plan

Submitted By jezbro
Words 2028
Pages 9
SECURITY RISK MANAGEMENT PLAN

Prepared by Jeremy Davis

Version control

Project title | Security Risk Management Plan Draft
Author | Jeremy Davis
VC | 1.0
Date | 25/10/10

Contents

Executive summary
Project purpose
Scope of Risk management
Context and background
Assumptions
Constraints
Legislation/Standards/Policies
Risk management
Identification of risk
Analysis of risk
Risk Category
Review of Matrix
Action plan
Testing Procedures
Maintenance
Scheduling
Implementation
Training
Milestones
Monitoring and review
Definition
Authorisation
Reference

Executive summary

A Security Risk Management Plan (SRMP) helps CBS by providing specific guidelines and rules to ensure that risk management is considered and included in its operations. It provides guidelines for implementation that minimise threats through planning, policies, processes and procedures, so that the business can return to normal operation as soon as possible after an incident.

This SRMP was designed to provide guidelines for implementing risk management in CBS and its operations, in order to ensure the security and safety of its staff and assets. Throughout this SRMP, threats, procedures, policies and responsible persons are identified, giving you and your staff the information needed to prepare for the worst disaster event.

Every business these days has an SRMP in case of events which may occur. It is essential for every business, as it provides a base of guidelines and security risk controls.

Project purpose

The purpose of this Security Risk Management Plan is to provide guidelines for risk management in CBS and its operations. It also analyses risks and provides information on the implementation of risk controls to ensure security.

Scope of Risk management

The project aim of CBS
