IT313 Project One

Running head: IT 313 Project One

IT 313 Project One
Bathsheba Harris
Southern New Hampshire University
September 10, 2023
Scope

The current IT Security Risk Management Plan at Workers Werks Credit Union (WWCU) is the cornerstone of its comprehensive cybersecurity strategy. This plan delineates the overarching objectives, striking a delicate balance between risk exposure and cost-effective mitigation strategies. It provides detailed coverage of business processes, from inception to culmination, ensuring a thorough approach to risk management. Furthermore, the plan clearly defines its objectives, centering on identifying, assessing, responding to, monitoring, and controlling risks. It integrates every facet of the implementation life cycle, commencing with the design phase and culminating in the maintenance phase. By doing so, it not only safeguards the organization's technological landscape but also aligns with its overarching business goals.

Risk

The current IT Security Risk Management Plan at WWCU stands out in its adeptness at identifying risks that have the potential to significantly impact mission-critical business functions and processes. Through a systematic approach, it recognizes vulnerabilities, threats, and risks that emanate from both internal and external sources within the industry. One of the key strengths of this plan lies in its meticulous categorization of risks. It classifies risks into distinct components, namely assets, threats, existing controls, vulnerabilities, and consequences. This ensures that each risk is assessed comprehensively and in granular detail (Moore, 2022). Assets, encompassing an array of elements ranging from hardware and software to invaluable data, are exhaustively identified. Likewise, potential threats, whether from human factors or natural phenomena, are diligently considered. The plan also considers existing controls, whether they originate from within the organization or are provided by external entities. Additionally, it identifies vulnerabilities that may stem from various sources, including design decisions and inadvertent software misuse. Finally, the plan evaluates the potential consequences of a security breach, distinguishing between the loss of confidentiality, integrity, and availability. This thorough risk assessment serves as the foundation for effective risk mitigation strategies.

Impact

The plan accurately gauges how identified risks might impact the organization's assets. It thoroughly identifies and prioritizes key assets and activities that require protection. Moreover, it estimates the financial implications of potential losses. The plan classifies assets into various categories, such as hardware, software, and data, recognizing their criticality to business functions. It considers the potential ramifications of a security breach, ensuring that the financial impact is estimated for effective risk assessment. Additionally, it addresses the imperative aspects of business continuity and asset replacement, demonstrating a comprehensive approach to risk management.

Mitigation

To bring the Risk Priority Number (RPN) down to the lowest feasible level (ALARP, as low as reasonably practicable), the strategy places significant emphasis on risk modification and control. Risk controls are implemented hierarchically: security by design comes first, production and servicing security measures come next, and information security measures come last (Rout & Sikdar, 2017). This method guarantees that hazards are dealt with thoroughly and methodically.

Legal Compliance

The plan exhibits a praiseworthy effort to address pertinent legal requirements concerning cybersecurity compliance. It complies with both national and international legal frameworks. Compliance with laws and guidelines, including ISO 31000:2018 and ISO/IEC 27005:2018, is included in the strategy. It guarantees that the company stays within the law
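The Risk and Mitigation sections describe a register that breaks each risk into asset, threat, existing control, vulnerability and consequence (loss of confidentiality, integrity or availability), scores it with a Risk Priority Number, and then applies controls in a fixed hierarchy until the RPN reaches ALARP. The following Python is an added illustration of that workflow and is not part of the essay or of WWCU's actual plan. Two things are assumptions because the essay does not state them: the RPN formula (severity x likelihood x detectability, the standard FMEA definition) and the ALARP threshold of 60; the register entries and candidate controls are constructed sample data.

```python
"""Risk register scoring and hierarchical control selection (added example).

Assumptions, not taken from the essay:
  - RPN = severity * likelihood * detectability, each scored 1..10 (FMEA convention;
    detectability 1 = easily detected, 10 = effectively undetectable)
  - ALARP_THRESHOLD = 60 is a constructed cut-off for "as low as reasonably practicable"
  - the hierarchy rule: walk the levels in order and take the first control at the
    highest level that gets the residual RPN to ALARP; if none does, take the control
    with the lowest residual RPN
"""
from dataclasses import dataclass, replace

ALARP_THRESHOLD = 60  # constructed value
CONTROL_HIERARCHY = ("security by design", "production and servicing", "information security")


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    existing_control: str
    consequence: str          # "confidentiality", "integrity" or "availability"
    severity: int
    likelihood: int
    detectability: int

    def rpn(self) -> int:
        for score in (self.severity, self.likelihood, self.detectability):
            if not 1 <= score <= 10:
                raise ValueError("FMEA scores must be integers from 1 to 10")
        return self.severity * self.likelihood * self.detectability


@dataclass(frozen=True)
class Control:
    level: str                # one of CONTROL_HIERARCHY
    description: str
    severity: int             # residual scores once the control is in place
    likelihood: int
    detectability: int


def rank_register(risks):
    """Highest RPN first; ties broken by severity so worse consequences surface first."""
    return sorted(risks, key=lambda r: (r.rpn(), r.severity), reverse=True)


def residual(risk: Risk, control: Control) -> Risk:
    """The same risk re-scored with the control's residual values."""
    return replace(risk, severity=control.severity,
                   likelihood=control.likelihood, detectability=control.detectability)


def choose_control(risk: Risk, candidates):
    """Return None when the risk is already ALARP, otherwise the control picked by the hierarchy rule."""
    if risk.rpn() <= ALARP_THRESHOLD:
        return None
    if not candidates:
        raise ValueError(f"{risk.asset}: above ALARP but no candidate controls")
    for control in candidates:
        if control.level not in CONTROL_HIERARCHY:
            raise ValueError(f"unknown hierarchy level: {control.level}")
    for level in CONTROL_HIERARCHY:
        for control in candidates:
            if control.level == level and residual(risk, control).rpn() <= ALARP_THRESHOLD:
                return control
    # nothing reaches ALARP: fall back to the biggest reduction available
    return min(candidates, key=lambda c: residual(risk, c).rpn())


def build_plan(register, candidates_by_asset):
    """(asset, initial RPN, decision, residual RPN) rows, ordered by priority."""
    rows = []
    for risk in rank_register(register):
        control = choose_control(risk, candidates_by_asset.get(risk.asset, []))
        if control is None:
            rows.append((risk.asset, risk.rpn(), "accept (already ALARP)", risk.rpn()))
        else:
            rows.append((risk.asset, risk.rpn(), f"{control.level}: {control.description}",
                         residual(risk, control).rpn()))
    return rows


# Constructed sample register (not WWCU data).
REGISTER = [
    Risk("member database", "external attacker", "unpatched web application",
         "perimeter firewall", "confidentiality", 9, 6, 7),          # RPN 378
    Risk("online banking portal", "denial of service", "single hosting region",
         "none", "availability", 7, 4, 2),                           # RPN 56
    Risk("loan records", "insider", "shared administrative account",
         "quarterly access review", "integrity", 8, 5, 8),           # RPN 320
]

# Constructed candidate controls per asset, with their estimated residual scores.
CANDIDATES = {
    "member database": [
        Control("information security", "monthly vulnerability scanning", 9, 4, 3),   # 108
        Control("production and servicing", "automated patch pipeline", 9, 2, 3),     # 54
        Control("security by design", "authenticated API with input validation", 6, 2, 3),  # 36
    ],
    "loan records": [
        Control("security by design", "named admin accounts with MFA", 8, 2, 4),      # 64, misses ALARP
        Control("production and servicing", "privileged session recording", 8, 3, 2),  # 48
    ],
}

if __name__ == "__main__":
    for row in build_plan(REGISTER, CANDIDATES):
        print(row)
```

The ordering in `rank_register` reflects the Impact section's point that prioritization starts from the assets whose loss matters most; `choose_control` encodes the Mitigation section's hierarchy, so a design-level control wins whenever it alone reaches ALARP, and the loan-records entry shows the fallback to the next level when it does not.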