Evaluation and Mitigation of Organisational Risk

Abstract

This report evaluates and provides mitigating measures for TrainTech Inc . based on the on the BS ISO /IEC 17799 :2005 of the British Standard Institution in to ensure the information security of the company and its competitive advantage in the global market of information technology (IT . The specific objectives to be attained include (a review of literature on information security and risk management (b identify the information assets of TrainTech Inc (c ) Evaluate the threats and vulnerabilities of the company (e ) determine effective mitigating tools to avoid such risks and

(f ) provide conclusions and recommendations for the success of the company 's over all performance

Evaluating and Mitigating the Security Risks of TrainTech Inc

A Term Presented to the Faculty of

_________________________

College of ____________________

__________________ University

Prepared by

August 2007

Introduction

Information security , as the responsibility of information technology (IT ) departments , is a business issue as well as a technological one (Bielski 2005 ,

. 7 AICPA 2005 Lohmeyer , Mccrory and Pogreb , 2002 ,

br 7 . This study seeks to evaluate and mitigate organisational risks faced by the TrainTech Inc . in terms of information security based on BS International Organisation for Standardisation (ISO /International Electrotechnical Commission (IEC ) 17799 :2005 of the British Standard This report serves the Chief Executive Officer (CEO ) of TrainTech Inc in ensuring the company 's information security . In particular , it attempts to answer the following questions (a ) What are the information assets in TrainTech Inc (b ) What are the threats and vulnerabilities for each information asset in TrainTech Inc (c ) What mitigating actions can be applied to the identified risks of the company

Information Security and Risk Management

The issue on information security critically addresses the approach of organisations in operating safely in the internet economy . The failure or lack of information security is one of the great challenges of most IT companies and it even caused others to suffer even if they have the right security products , competent in-house security staff , and a compelling business need for good information security . In 2001 , for example , businesses in the United States reported 53 thousand cases of system break-ins , a 150 increase over 2000 . The reason behind this devastating incident is because security in the internet economy has become too complex and dynamic for most companies to deal with (O 'Neill Tippett , 2001 ,

. 74 . Thus , in for companies to safeguard their assets and to have a more competitive advantage , they need a properly implemented security infrastructure innovation (Andress , 2003 ,

. 12

Competitive advantage enables firms to continuously and successfully operate in the economy where intangible assets are more important than the tangible ones . It is usually attained if a company has well researched and managed intellectual assets (Means Schneider , 2000 Leadbeater , 2000 Winter , 2000 quoted in Beal , Brent Thomas 2004 ,

br 4 . The process by which organisations manage information and knowledge has been articulated by Boisot (1995 ) and summarized by McGaughey (2002 . They stated that the value of information good is derived from its...