Controlling Risk

week 4 added for original draft

The Key Assignment final draft should include the following sections:

• Section 1: Information Security Management
  • This section will be used to describe the organization and establish the security model to be used by the organization.
• Section 2: Security Program
  • This section will focus on existing frameworks that can help in the implementation of a security plan and what a security organization should look like.
• Section 3: Security Policies
  • This section looks at security policies and their creation.
• Section 4: Assessing Risk
  • This section will focus on risk assessments and methodologies that are used to perform one.
• Section 5: Controlling Risk
  • This final section combines all of the previous sections and gives the opportunity to look at mechanisms to control risk.

Be sure to include an abstract and a References page in your final draft.

The project deliverables for Week 5 are as follows:

• Section 5: Controlling Risk
  • Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
    • Administrative
      • Human resources: Hiring and termination practices
      • Organizational structure: A formal security program
      • Security policies: Accurate, updated, and known or used
    • Technical
      • Access control: Least privileged
      • System architecture: Separated network segments
      • System configurations: Default configurations
    • Physical
      • Heating and air conditioning: Proper cooling and humidity
      • Fire: Fire suppression
      • Flood: Data center location
  • Once you have described the tests that will be conducted to test each, assume that failure or holes were found in each of them.
  • Next, describe at least 3 safeguards for each that could be put in place to address the risk.
• Name the document "yourname_IT454_Final.doc."