Thursday, September 12, 2019

Information security management Essay Example | Topics and Well Written Essays - 2500 words - 1

Taking a step back, there is value in situating a risk assessment process for Accounting Company in the context of a cycle for managing risks. The chart below situates this particular exercise for Accounting Company in terms of a cycle that includes (1) the assessment of risks and determination of needs; (2) the implementation of controls and policies; (3) the promotion of awareness; and (4) monitoring and evaluation; all occurring within the context of a central point of focus (United States General Accounting Office 6):

Meanwhile, a compilation of risk assessment approaches for information security, taken from the best practices of many different top organizations in the US, has distilled the most important elements of an effective security risk assessment as follows: (1) the identification of threats that could significantly impair crucial assets and operations; (2) the estimation of the likelihood of the occurrence of such identified threats; (3) the identification and prioritization of assets and operations, in order to determine the most crucial assets and operations to protect should the identified threats occur; (4) the estimation of probable losses in the event of the occurrence of the threats, to include losses from the costs of recovery, for the most important assets and operations; (5) the identification of interventions for risk mitigation, where the emphasis is on the cost-effectiveness of such interventions; and (6) the documentation of the results and the development of a plan of action (General Accounting Office 6).

To be sure, while the above outlines a generic information security risk assessment approach that is the common denominator for all kinds of effective, best practice approaches, the literature actually details many different kinds, including a matrix approach (Goel and Chen), and many other different best practice
