This website uses cookies to ensure you have the best experience. Learn more

An Evaluation Of Information Security And Risk Management Theories

2183 words - 9 pages

An abundance of information security and risk management theories are prevalent; however, it can be difficult to identify valid and applicable theories. In the reading to follow, several information security and risk management theories are evaluated. These theories are presented and employed via various frameworks, models, and best practice guidelines. An assessment of sufficient research pertaining to these theories is addressed, along with a consideration of the challenges that arise from a lack of research.
Theories
The evolution and understanding of the importance of information security and risk management originates from the awareness for the potential of IT in business functions and as a business enabler. This was then followed by the realization that the risks brought about by this boundless facilitator must be appropriately understood and addressed. The essence of information security and risk management is to identify low vs. high-risk systems and processes, followed by appropriately addressing those risks.
Risk Management Theory. The Risk Management Theory has been around for quite some time. According to Hong, Chi, Chao, and Tang (2003), risks pertaining to IT security can be measured and evaluated by means of assessing potential attack vectors, and susceptibilities to the organization’s systems and processes. The authors suggest that the outcome of this evaluation allows for the identification of essential security programs and the employment of IT security controls to mitigate these risks. The intended outcome of utilizing this theory is to manage risks until they are at a permissible state. The Risk Management Theory, while broad in nature, does not encompass enough of the information security and risk management paradigm. Though it is supported by considerable research, this author opines that it would be most effective to incorporate the theory amongst additional frameworks.
Control Objectives for Information and Related Technology (COBIT). Originally published in 1996, COBIT is a globally recognized framework centered on controls pertaining to IT governance (Burch, 2008). The Information Systems Audit and Control Association (ISACA) established the framework in conjunction with the IT Governance Institute. As the framework has evolved to encompass the management of IT in addition to IT governance, COBIT 5 was unveiled in April of 2012 and declared by ISACA to be “…the only business framework for the governance and management of enterprise IT” (ISACA, 2012c). COBIT 5 for Information Security has also been developed by ISACA and is intended to be an encompassing framework to link together with other frameworks and information security best practices. Such frameworks and standards that COBIT 5 for Information Security is complemented by include ISACA’s Business Model for Information Security (BMIS), the Information Security Forum’s (ISF) Standard of Good Practice, the ISO/IEC 27000 series, NIST SP 800-53a, and...

Find Another Essay On An Evaluation of Information Security and Risk Management Theories

Security Risk Management SRM and Auditing

1022 words - 4 pages activities of the IT security function are varying in accordance with the criteria of size and sector"(Osborne 1998). The lack of management support is one of the key failures for IT project implementations (Johnson 1995). Similarly, without adequate management support, IT security audit would not accomplish much. Part of a balanced SRM is a proper risk evaluation or an audit. An IT security audit should be integrated into the corporate

Security Risk in Utility Management Workplace Security

1717 words - 7 pages Security Risk in Utility ManagementAs a member of management for a local utility, we deal with security in regards to our operation on a daily basis. A great amount of money, labor, and time is implemented in regards to the safety and security of our organization for the good of our employees and our consumers. Outside threats add to the significance of the challenge. Electric and gas utilities experience twice the number of attacks than do

Evaluation of Sociological Theories

2222 words - 9 pages Evaluation of Sociological Theories Deviance can be described as: "Nonconformity with existing/traditional social norms. This nonconformity is often said to be pathological when it challenges power and privilege; yet it is said to be indicative of innovation or creativity when the gatekeepers of morality approve it. A loaded term, deviancy is a negative asset when the environment is stable but can be a positive asset to

Theories of Leadership and Management

1294 words - 5 pages Blanchard is an author and expert in the management field. They are both management experts and argue that situations like this happen due to the fact that those placed in leadership positions do not always match their personal leading styles with the needs of the people they are to lead. Blanchard is best known for his book “The One Minute Manager”, which has sold more than 13 million copies. Together Paul and Ken published “Management of

Management and Information Systems: An Ideal Choice

931 words - 4 pages the same. There will always be people and positions to administer, manage, and organize. What could be better than merging two of the most sought after career paths? However, there is still a greater goal to strive to accomplish. Management and Information Systems is a wonderful degree that combines different paths to form an equilibrium of academic study to provide a new opportunity with more possibilities for students as future and prospective

Management of Information Systems in an Organization

884 words - 4 pages , freeing up more time for other valued activities such as people-management, providing better quality and more timely information to aid the decision-making process.(3) An MIS provides the following advantages: 1. It Facilitates planning: MIS improves the quality of plants by providing relevant information for sound decision – making. Due to increase in the size and complexity of organizations, managers have lost personal contact with the scene of

INTERAL CONTROL AND RISK EVALUATION

942 words - 4 pages Running head: INTERAL CONTROL AND RISK EVALUATION Internal Control and Risk Evaluation Patricia Coleman ACC/542 April 7, 2014 Maryln Fisher In today's society, internal controls are applied to support an organization's managers to become more successfully to release the responsibilities by applying and understanding internal control concepts. Internal controls are most frequently saw as "a lot of red tapes"; however, internal controls have

How to Establish a Risk Management Process for an Information System?

1658 words - 7 pages environment based on reliable organizational communications and instructive criticisms in order to enhance the risk-related responses (Information Security, 2011). Risk framing is the first component of the risk management process in which an organization establishes a risk environment describing the circumstances in which risk-based decisions are made. The aim of this component is to establish a risk management strategy that determines how

Ethics and Information Security

1074 words - 4 pages Ethics and Online Source Information What is Ethics? In my opinion, ethics give people free will to make right choices. People have free will to make choices that are governed with responsibility, accountability, and liability. We have a responsibility to perform in an ethical manner and be accountable for our choices or actions. Regardless of the circumstances and choices we make, there are consequences if we make the wrong choice. The

Importance of Information Security

1666 words - 7 pages overt channel, one convention is tunneled inside an alternate to sidestep the security approach; for instance, Telnet over FTP, texting over HTTP, and IP over Post Office Protocol form 3 (Pop3). An alternate illustration of an overt channel is utilizing watermarks as a part of JPEG pictures to release private data. A transmission channel that is dependent upon encoding information utilizing an alternate set of events is called as covert channel

An analysis of strategic role of information systems, specific social, ethical and legal issues, IT infrastructure and emerging technologies, and information systems security within FedEx Corporation

5469 words - 22 pages technologies; information systems security; couple with final conclusions and recommendations.2. Strategic role of information systems at FedExA strategic information system is the one that can change the goals, product/service, processes, and/or environmental relationships to help achieve competitive advantage for an organisation (Martakos n.d., p.11). To understand competitive advantage Porter's competitive forces (i.e. new market entrants

Similar Essays

Advanced Risk Management In Information Assurance And Security Ncu/Information Security Homework

1988 words - 8 pages compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-A7. Chen, P., Kataria, G., and Krishnan, R. (2011). Correlated failures, diversification, and information security risk management. MIS Quarterly, 35(2), 397-422. Duvenage, P., von Solms, S., and Corregedor, M. (2015). The cyber counterintelligence process: A conceptual overview and theoretical proposition. Proceedings of

An Evaluation Of Security Acts And Models

1936 words - 8 pages . Public and private sector organizations must abide by government-mandated legislation regarding information security and risk management. Guiding Principles Several statues have been enacted in order to uphold the fundamental rights to the privacy of an individual’s information. In particular, these laws pertain to what it is known as personally identifiable information (PII). PII should always be protected via means of encryption and additional

Evaluation Of Information Systems Management And Business Information Management

1263 words - 6 pages 1.0 INTRODUCTION 1.1 Background The program that I have chosen is Bachelor of Information Technology (Hons) Business Information Management in HELP University. The aim of this program is to provide understanding of the issues involved in develop and managing information systems in a current business context. This program also gives students the appropriate knowledge and skills to enable them to adopt with the field of managing and developing

An Integrated System Theory Of Information Security Management

678 words - 3 pages based on authors are planning, forming consensus, organization, drafting, implementing and reviewing. 2.3 Risk management theory Planning and investigation are required to detect risk, threats and vulnerability of the information system. The result is to control and cover the level of the organization. 2.4 Control and auditing theory Information security management should recognize type of risk that can attack the information and protect