Get premium membership and access questions with answers, video lessons as well as revision papers.

Information security management is about viewing and managing risks in terms of the causes, effects and therefore costs of loss of security.

      

Information security management is about viewing and managing risks in terms of the causes, effects and therefore costs of loss of security.

Required:
Identify and briefly describe the stages involved in systematic management of information systems.

  

Answers


Wilfred
1. Identification of the organization?s assets
This involves taking an inventory of all the organizationā€˜s information security assets e.g. computers, data, personnel, programs, networks, etc
2. Determination of the risks to the assets
For each asset a list of associated risks is produced. For instance, for computers, associated risks include:
- Fire
- Vandalism
- Theft, etc
3. Estimating likelihood of occurrence of each risk
The likelihood of occurrence may be generally classified as high, low or medium.
4. Computation of expected annual losses due to occurrences of the risks.
5. Surveying applicable risk controls and their costs.
6. Selection of appropriate controls
The selection is largely determined by the cost of the control. Where the cost of the control exceeds the estimated loss due to the occurrence of the risk, the control is discarded and an alternative one selected.
7. Projection of annual savings due to the controls
An estimate of the annual cost savings to an organization should be produced with the costs of the controls in mind and the levels of occurrence of the associated risks reduced.
8. Implementation of the risk controls
This should be after management has assessed and approved the selected controls and their cost savings.
9. Review of controls to determine their effectiveness in preventing the occurrence of risks.
10. Implementation of review findings.
Wilfykil answered the question on March 1, 2019 at 10:24


Next: There are three main types of network topologies namely; star, ring and bus. As a network administrator, you have been asked to produce a briefing...
Previous: Explain six reasons why a businessman would choose to operate a current account instead of a savings account.

View More CPA Management Information Systems Questions and Answers | Return to Questions Index


Learn High School English on YouTube

Related Questions