Information Security
Author: Muthuvenkatesh

Table of Contents
1. Introduction
2. Risk Planning and Identification
3. Common Threat Sources
4. Risk Mitigation
5. Risk Transference
6. Risk Avoidance
7. Risk Acceptance
8. Conclusion
9. Abbreviations
10. Bibliography / List of References

Introduction
A new server farm has been installed for eWidgets to meet the increasing demand for widgets. The servers will be accessed both internally and externally. A strategy needs to be developed for the security of the server farm. This document outlines the risk management plan approach to address the risk.
Risk Planning and Identification
Risk management planning is the process of deciding how to approach and conduct the risk management activities for a project. It ensures that the level, type and visibility of risk management are commensurate with both the risk and the importance of the project to the organization, provides sufficient resources and time for risk management activities, and establishes an agreed-upon basis for evaluating risks. The planning provides the methodology, roles and responsibilities, budgeting, timing, risk categories, risk probability and impact, and the probability and impact matrix. This sets the ground for risk identification, which clearly defines the risks for the system. Quantitative and qualitative risk analysis is then done to see how the risks positively or negatively impact the project. Finally, response plans are created which use the tools (Mitigate, Avoid, Transfer and Accept) and strategies to tackle the risk.
Common Threat Sources
In order to respond to the risk, we need to identify the threat sources. Very common threats to the IT server farm could be the following:
Natural Threats - Floods, earthquakes, tornados
Human Threats - Events that are either enabled or caused by human beings, such as unintentional acts (inadvertent data entry) or deliberate actions (network-based attacks, malicious software upload, unauthorized access to confidential information)
Environmental Threats - Long-term power failure, pollution, chemicals, liquid leakage
Technical Threats - From advances in technology, technical failure, etc.
Risk Mitigation
According to the Project Management Body of Knowledge 3rd Edition (PMBOK), published by the Project Management Institute, risk mitigation implies a reduction in the probability and/or impact of an adverse risk event to an acceptable threshold. A good example for this situation would be environmental threats like power outages. Server farms have very low tolerance for power outages or the consequent lack of access to the internet. Therefore, they rely on diesel backup generators to mitigate the risk posed by a power outage.
One other area of risk mitigation is user access and control. A good process needs to be in place to mitigate the user access risk, which could potentially contribute to intrusion and compromise the security of the server farm.
Risk Transference
PMBOK explains that risk transference requires shifting the negative impact of a threat, along with ownership of the response, to a third party.
Risk can be transferred in two ways. One way is to get insurance for the server farm...