RISK MANAGEMENT

Information Technology Security and Risk Management

Information Technology Security and Risk Management

Abstract

This is a research paper regarding the Information Technology Security and Risk management. In this paper, we will discuss the different threats and dangers that can occur from internal or external source in an organization. We will analyze the different security policies and criteria regarding information technology. We will also discuss the methodology in order to counter these risks. What necessary measure should be taken to avoid these risks? Making of the strategies and setting the agenda about the risk management system. This paper includes analysis of different organizations and how they have developed their risk management system in order to coup the information technology security.

Introduction

Organizations are always concern in selecting and evaluating the various services provided by information technology for security purpose. Organizations keep their intentions clear about maintaining and improving their overall IT security programs and enterprise architecture. These security services that contain a variety of ranges security policy to support detection is offered by IT department present internally in an organization or by contracting with the vendors available in the market. The selection of the security services can benefit the organization in competitive and bringing innovative ideas, in the market. In fact, it is very challenging and difficult in order to determine the capabilities, abilities, reliability service and navigating the complexities in the service agreements. The responsible authority that is a concern to select the service providers for an organization must keen fully evaluates all the options of the resources that are to be used. The authority must verify about the record of service providers in order to avoid any mishap in designing and implementing the security plans.

The criteria for selecting the service providers for the implementation and management of IT security services contain numerous factors. They are kind of service providence, qualification and capabilities of service providers, operational requirements, experience of providers, trust of the employees of service providers and the ability of service provider to meet the requirements of the organization. These factors apply differently on every service depending upon the nature of the required service.

The IT security life cycle consists of six parts. They are initiation, assessment, solution, implementation, operations and close out. Initiation contains the analysis of the decision that it will be feasible in favor of the organization. Assessment is the process in which company evaluates the problem and comes out with an appropriate solution. Solutions include the feasibility of the proposed solution that how effective the solution will be for the organization. Implementation contains the selection of service providers, service arrangements and implementation of the approved solution. Operations involve the evaluation and monitoring of the work by providers in order to ensure that the solution is implemented perfectly. Closeout contains the final testing of the work and insurance of the smooth transition.

Discussion

Question # 2

Using a Web search engine, find an article from a reputable source published within the past six months that reports on the relative risk that comes from inside ...