Risk management
Professor’s name:
Student’s name:
Date:
ISO 27001 standard
ISO 27001 is an international standard that sets out the specification for an information security management system (ISMS). It is regarded as best practice because it helps organizations manage information security by addressing people and processes as well as technology. In other words, it enables organizations to identify, evaluate, and analyze weaknesses in their information security processes. This security management process has been effective in many organizations that I have worked for. It follows a risk-based approach to securing corporate information assets together with the people and processes associated with them (Bouder & Slavin, 2007).
The process is useful but can be challenging for many organizations because it is time-consuming: data must be collected before it can be analyzed. Organizations have to ensure that the correct procedure is followed throughout. The first step is to establish a framework for risk assessment. The process should be transparent, objective, and auditable, with formal methodologies that produce consistent results every time. Begin by identifying the regulatory, business, and contractual requirements that the organization's information security must meet. A risk assessment tool will help you identify which controls have to be adopted. Then determine a risk scale, which measures how often a particular risk is expected to occur. A risk assessment is considered best when it covers the organization's assets in an integrated and consistent way (Khatta, 2008).
The next step is identifying the risks, which is the most time-consuming part of the process. For a risk to exist, three components must be present: a threat capable of causing harm, a vulnerability that allows the threat to affect an asset, and the asset itself. An asset might be customer data that an attacker could gain access to. This is a tempting target for criminals, and the cost of repairing systems to restore data confidentiality can be high. The next task is to analyze the risk, including identifying how a threat might materialize. This must include the threats that could exploit vulnerabilities in your assets. It is essential to find the cause of a risk so that appropriate measures can be put in place to ensure that it does not recur (Siegrist et al., 2012).
Then evaluate the risks by automatically collecting the results of calculations and analysis using risk assessment software. At this point you should be able to identify the risks that need to be addressed and the order in which to address them, handling the highest risk before the others. Risks should be managed according to their effect on the organization. This ensures that a threat is dealt with before it can cause serious damage to the systems. The last step in the ISO 27001 process is to decide on risk management options. After sorting all the risks, you should decide how to handle each of them. Different types of risk require different handling. One option is accepting the risk, since some risks cannot be avoided. Another is modification, which means implementing security controls to address the risk. Avoiding the risk is also a good option; it is achieved by eliminating the activities or events that could cause the risk to occur. Finally, the cost of a risk can be shared through insurance, which ensures that there are no financial constraints if the risk does occur (Resta, 2020).
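The identify, analyze, evaluate and treat steps above can be carried out with a small risk register. The following is an added example (not from the essay or from ISO 27001 itself) that records each risk as the three components named above, scores it on a constructed 1..5 likelihood and impact scale, ranks the register, and maps each risk to one of the four options (accept, modify, avoid, share); the scale and the thresholds are this example's assumptions.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One register entry: the three components a risk needs, plus its scores."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 5 (frequent); scale is an assumption
    impact: int      # 1 (negligible) .. 5 (severe); scale is an assumption

    def __post_init__(self):
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be 1..5, got {value}")

    @property
    def level(self) -> int:
        # Risk level = how often it happens x how much it hurts.
        return self.likelihood * self.impact


def treatment(risk: Risk, appetite: int = 4) -> str:
    """Choose an option; the thresholds are this example's, not ISO 27001's."""
    if risk.level <= appetite:
        return "accept"   # within appetite: tolerate the risk
    if risk.level >= 20:
        return "avoid"    # stop the activity that creates the exposure
    if risk.impact >= 4 and risk.likelihood <= 2:
        return "share"    # rare but costly: insure or otherwise transfer
    return "modify"       # implement security controls


def prioritise(register):
    """Order risks highest level first, so the worst is handled before the others."""
    return sorted(register, key=lambda r: (r.level, r.impact), reverse=True)


# Constructed sample register built from the scenarios the essay mentions.
SAMPLE_REGISTER = [
    Risk("customer database", "external attacker", "unpatched web application", 3, 5),
    Risk("staff credentials", "social engineering", "no phishing awareness training", 4, 4),
    Risk("server room", "loss of electricity", "no backup generator", 2, 4),
    Risk("office printer", "equipment malfunction", "ageing hardware", 2, 1),
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_REGISTER):
        print(f"{r.level:>2}  {treatment(r):<6}  {r.asset} / {r.threat}")
```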
The controls then have to be implemented by making management's objectives known to staff so that they can work towards them. This calls for awareness and training so that employees understand the new procedures and policies. Employees have to be given enough time to learn the new approaches in order to avoid resistance. Proper training ensures that employees work effectively towards the controls (Khatta, 2008).
Other frameworks discussed in the article are also very effective in risk management. One is identifying the cause of a particular risk. A risk is not fully controlled if the cause of the threat has not been eliminated, because as long as the cause remains there is a chance for the risk to occur again and again. The organization would then have achieved nothing by way of preventive measures. The best methods may be put into practice as a risk management approach, but eliminating the causes remains a significant part to consider (Siegrist et al., 2012).
There are other frameworks for addressing risk. One is to consider the possible threats to the organization's systems. Access to the organization's network by an unauthorized person might put the organization, together with its customers, at significant risk. Attackers might access customers' details, which could enable them to conduct financial transactions in the customers' names without the customers knowing that they have been attacked. Customers' loyalty to the organization might decline because they feel that their details are not safe in the organization's hands. Social engineering is another technique criminals use to make people divulge confidential information for malicious purposes. The threats that criminals pose to organizations are for either financial or political gain, and they affect organizations differently. Equipment malfunction might also pose a threat to the systems: when equipment fails, it may expose vital information to attackers. When a threat agent already has inside knowledge of the organization, it is easier to access the systems and conduct an attack (Bouder & Slavin, 2007).
Information and passwords being disclosed to threat agents puts an organization at risk of attack. A disclosed password makes it easier for an attacker to access the system and acquire any details they need. Loss of electricity is another threat that puts an organization at risk. It can be mitigated by installing backup generators so that power is available if the mains supply fails. There are preventable threats and non-preventable threats; the latter cannot be proactively planned for (Resta, 2020).
References
Bouder, F., & Slavin, D. (2007). undefined. Earthscan.
Khatta, R. S. (2008). undefined. Global India Publications.
Resta, M. (2020). Computational methods for risk management in economics and finance. MDPI.
Siegrist, M., Earle, T. C., & Gutscher, H. (2012). Trust in cooperative risk management: Uncertainty and skepticism in the public mind. Earthscan.