INFORMATION SYSTEMS RISK MANAGEMENT

Information Systems Risk Management

Information Systems Risk Management

Abstract

The perspective of threat and function of threat evaluation methodology is important to being able to develop a protected computing environment successfully. Unluckily, this is still a testing field for information experts due to the rate of transformation in technology, the comparatively latest introduction and volatile development of the Internet, and possibly the occurrence of the approach (or certainty) that evaluating threat and distinguishing return on investment is just too hard to execute. This has kept information systems and information systems security in the unwanted position of being not capable to recognize completely and financially measure security threats. This in turn, has led to incompatible and unsuitable functions of security solutions as well as either too much or inadequate financial support for such actions. As a result, this paper addresses the problem of risk with respect to information systems and looks to answer the following question:

What is a threat with respect to information systems?

What are key system vulnerabilities?

What are potential internal and external threats?

What is the level of security required to secure information systems?

What are the principles of risk management?

Introduction

The fundamental risk associated with information systems is digital crime and digital terrorism. Digital crime and terrorism can be defined as, criminal and terrorist activities executed with the assistance of digital technology. There is considerable use of e-communication and the Internet by terrorist organizations, both locally and globally (Taylor et.al, 2006).

Digital evidence can play a vital role in a wide array of offenses, including killing, rape, kidnapping, child exploitation, solicitation of minors, child pornography, pestering, stalking, scam, robbery, drug trafficking, computer interruptions, spying, and terrorism (Casey, 2006).

Despite the fact that a growing number of criminals are using computers and computer networks, only some detectives are well knowledgeable in the evidentiary, technological, and lawful matters associated with digital facts. As a result, most of the time digital proof is not consider, collected wrongly and analyzed uselessly (Casey, 2006). This research paper will distinguish the risk associated with the information systems and what are the precautionary measures, you can take to secure your information systems from potential threats of digital crime and digital terrorism.

Discussion

Risk with Respect to Information Systems

Risk is a possible damage that may take place from some present procedure or some possible event. Risk is there in every aspect of our lives and various fields focus on risk as it relates to them. From the perspective of information systems protection, risk management is the method of accepting and reacting to issues that may escort to a letdown in the privacy, honesty or accessibility of an information system. IT protection risk is the damage to a procedure or the associated information consequential from some decisive or unintended incident that harmfully impacts the procedure or the associated information (NIST, 2002). Risk is a function of the probability of a specified threat-source's implementing a specific potential vulnerability, and the consequential impact of that unfavorable incident on the firm.Threats

The prospective for a threat source to implement (unintentionally trigger ...