Premium Essay

Security Risk Management

In: Business and Management

Submitted By juliesafety
Words 3116
Pages 13
Security Risk Management Plan

Sydney Head Office
175 Sydney Rd
Sydney NSW 2000

DOCUMENT VERSION CONTROL

Document Name: | Amalgamation of GSC
Version Number: | 0.1
Date: | 18 July 2016
Reviewed By: |
Authorised By: |

CHANGE HISTORY

Version | Issue Date | Author | Reason for Change
0.1 | 20.05 | ABCELLO | Original Document

DISTRIBUTION LIST

Copy No | Name | Location
1. | Master | Project Office
2. | <Project Manager> |
3. | <Project Sponsor> |
4. | <Executive Sponsor> |
5. | |

CONTENTS

INTRODUCTION
SCOPE OF WORKS
DISCLAIMER AND LIMITATIONS
METHODOLOGY
STRATEGIC CONTENT
STAKEHOLDER LIST
RISK MANAGEMENT CONTEXT
THE RISK MANAGEMENT PROCESS
ANALYSIS OF SECURITY RISK
TREATMENT OPTIONS
SOURCES OF EVENT RISK
RISK IMPLEMENTATION/RISK IDENTIFICATION
RISK ASSESSMENT SUMMARY
RISK 1 - Operational
RISK 2 - Strategic
RISK 3 - Human / Animal Resources
RISK 4 - Systems
RISK 5 - Financial
RISK 6 - Legal
RISK ASSESSMENT TABLES & CONSEQUENCE
STAKEHOLDERS SIGN OFF
BIBLIOGRAPHY

INTRODUCTION

The Great Security Company is a well-established business with 100 dedicated staff and returns above costs. As a result of the GFC crisis, The Great Security Company has been on-sold to help the parent company out of the financial worries it has incurred.

The new owners of the Great Security Company had purchased 8 other similar sized companies across 3 states (NSW, QLD and…...

Similar Documents

Role and Nature of Organization Risk Management in Justice and Security Organization

...fight against crime, freedom and justice for everyone. The justice and security have evolved to keep up with the changes in technology, and new laws that are passed every year. The laws allow new forms of promoting justice throughout the country as crime increases and changes. Justice and security are working together to solve cyber-crimes, enforce the laws of the land, and fight terrorists. Balancing justice and security is an important perception in criminal justice. It provides a guide to the administration in decisions on the operation of justice and security to make sure that all laws that are enacted are balanced for the benefit of everyone in the nation. By doing so it helps to sustain justice for all those involved and to ensure that laws share powers and resources evenly among everyone in the country. Justice gives everyone equal protection under the law and punishes those who violate the laws that have been enacted. Punishment will be determined by the type of crime a person has committed against humanity. The laws make it easy to eliminate some crimes and ensure security to all. The Constitution does protect the rights of the accused to guarantee that the offender's rights are protected and not violated by all new and old laws that have been enacted. Punishment of the offender in the justice system and offering security to the innocent help balance the administration of justice and security. The issues involving citizens' Constitutional rights and the need to......

Words: 480 - Pages: 2

Risk and Risk Management

...Risk and risk management

1. Credit Risk – The risk of loss of principal or loss of a financial reward stemming from a borrower's failure to repay a loan or otherwise meet a contractual obligation. Credit risk arises whenever a borrower is expecting to use future cash flows to pay a current debt. Investors are compensated for assuming credit risk by way of interest payments from the borrower or issuer of a debt obligation. The higher the perceived credit risk, the higher the rate of interest that investors will demand for lending their capital. Credit risks are calculated based on the borrowers' overall ability to repay. This calculation includes the borrowers' collateral assets, revenue-generating ability and taxing authority (such as for government and municipal bonds).

1) Total loans to assets. The loans to assets ratio measures the total loans outstanding as a percentage of total assets. A higher ratio indicates a bank is loaned up and its liquidity is low. The higher the ratio, the more risky a bank may be to higher defaults. This figure is determined as follows: Loans to Assets = ( Loans / Total Assets )

2) Nonperforming loans/total loans. Nonperforming loans, or NPL, are loans that are no longer producing income for the bank that owns them. Loans become nonperforming when borrowers stop making payments and the loans enter default. The exact classification can vary from institution to institution, but a loan is usually considered to be nonperforming......

Words: 2314 - Pages: 10

Security Risk Assessment

...Security Risk Assessment Southern New Hampshire University Michael Hallin Security risk analysis, which is also known as risk assessment, is essential to the security of any company and benefits the overall business goal. It is vital in ensuring that controls and costs are fully equal with the risks to which the organization is exposed. Having a well laid plan for disaster recovery comes from a good risk analysis of a company. A company’s IT Business Manager and associated team must identify and assess the organization's assets and give them a value. A good IT risk assessment involves identifying what functions need to be reestablished first after a disaster or an attack to the system. Restoration to full operational capability is significantly enhanced when the company is prepared and has taken appropriate action prior to an emergency or disaster (Group, 2005). The steps to identifying IT risks in a company include: determining which of the company’s assets have the most value to the business, and identifying the risks that are applicable to those assets. After the risks are identified, they need to be logically examined to see how likely the risk is to occur. If the risk is likely to be a factor, then the company must take action to mitigate those risks. An example of this would be the company’s exchange server, which in almost all companies is a priority 1 asset, also called an essential entity. A server always has a risk of crashing; an exchange server has......

Words: 902 - Pages: 4

Risk Management Security

...Project Part 1 Task 2 Risk Management Plan Alen Kovacevic C. Wyrick IS3110 January 29, 2013 Purpose The Senior Management of the Defense Logistics Information Services (DLIS) has decided to update the previous risk management plan with a developing, new risk management plan. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process (DAICAP). Scope The risk management plan is for the organization's use only and its network, including remote access company owned building in the United States. Outside sources from this scope and risk management plan may cause the network infrastructure to fail or will make it a high risk structure due to the fact that the outside source may not be protected to interact with other outside sources, allowing hackers to infiltrate your system and steal important files. Compliances Federal Information Security Management Act (FISMA) compliance is required for federal agencies to protect their important information. Department of Homeland Security (DHS) compliance is to be required for protection to the United States against terrorists. There are other......

Words: 1365 - Pages: 6

Risk Management

...understand their responsibilities for achieving adequate information security and for managing information system-related security risks (National Institute of Standards and Technology, 2010). One common methodology for implementing information security is known as Certification and Accreditation. Certification and Accreditation is a process that ensures that systems and major applications adhere to formal and established security requirements that are well documented and authorized (Tipton & Krause, 2007). In order to improve information security, strengthen risk management processes, guarantee standardization, and enforce federal policies, the National Institute of Standards and Technology (NIST) partnered with the Department of Defense to transform the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF) (National Institute of Standards and Technology, 2010). The Risk Management Framework provides a structured, yet flexible approach for managing risk to the business processes of a federal organization; however, these principles are crucial to both federal and commercial IT operations since they certify that the management of security risks is consistent with the organization’s mission objectives. Additionally, they ensure the risk management framework is smoothly integrated into the organization’s enterprise architecture (NIST, 2010). Risk Management Framework The following steps identify the six......

Words: 1273 - Pages: 6

Security Risk Management Course Paper

...Therefore, a proper understanding of risk management and all that it entails is of the utmost importance for every IT professional, regardless of specialization. The purpose of this paper is to identify what risk management is and give an overview of the three phases or undertakings that make up the risk management process and then conclude with a discussion and explanation of the six-step Risk Management Framework (RMF) developed by the Department of Defense and the National Institute of Standards and Technology (NIST) (National Institute of Standards and Technology, 2010). “Risk management is the process of Identifying risks, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level” (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119.). Thus, risk management is merely the ability of a person or organization to implement due diligence and identify any potential issue and develop policies and security measures to combat these risks. Risk management is comprised of three phases: risk identification, risk assessment, and risk control (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119.). Risk Identification Risk identification is simply the identification and documentation of the assets and the threats to those assets. Risk identification is an iterative process that consists of six steps: the planning and organization of the risk management process, categorize the......

Words: 2778 - Pages: 12

Risk Management

... Rivers October 19, 2013 Project 1 Part 1: Risk Mgmt. Plan 1. Introduction Risk Mgmt. Plan Well for starters the purpose of this risk management for DLIS (Defense Logistics Information Service) plan will be similar to the purpose of any organization would be and that would be how to better protect and secure the company’s IT environment. The importance of this is major since there is all kind of important data that is on and transmitted throughout our networks on a daily basis. DLIS we must ensure that we implement all necessary preventative security measures as well as policies and procedures. We must do this by first of all ensuring that we have really good antivirus software installed on all of our systems and ensuring that it is always up to date. The next thing is extensively configuring our firewalls making it more difficult for our networks to be hacked. Another thing is data encryption which is very vital in securing all important data for our company and clients especially when we are performing data transmission over the networks. The last thing I want to mention which will be part of policies and procedure is implementing various password and logon policies and procedures for security purposes as well. As I stated the purpose of the development of this plan is to reduce the risk of threats and vulnerabilities on our networks. This is vital because threats and vulnerabilities definitely present risk(s) to any important company and client data. ......

Words: 2058 - Pages: 9

Security and Risk Management

...operations are filled with risk. On a personal level we take risks crossing the road, travelling by train and making investment decisions. From a business perspective, risk is managed at many levels - operational, marketing, legal and financial. Traditionally, much risk inherent in a business operation has been managed through insurance. In reality, we are all aware that risk can no longer be managed on an ad hoc basis, but should be sewn into the fabric of corporate management. In other words, an organization will not be able to make strategic choices to maximise performance without having a clear understanding of the risk it faces. People make risk decisions at all levels in an organization, ranging from individual responsibilities to collective decisions made at Board level. Allowing individuals too much autonomy within an organisation can have disastrous consequences. Consequently, compliance and adherence to regulations is important to all risk management programmes, which in turn have focused organisations on corporate governance as a form of management control. Risk analysis helps put in place checks and procedures that reduce the chance of negative outcomes. In relation to the risk management situation, we can always relate to Nick Leeson's case, who had lost Baring’s Bank $1.3 billion on trading derivatives, destroying Barings and its reputation within a short period of time. Inter-related Crisis and Risk management Crisis and Risk management are two......

Words: 1044 - Pages: 5

A Security Risk Management Approach for E Commerce.Pdf

...A security risk management approach for e-commerce M. Warren School of Information Technology, Deakin University, Geelong, Australia W. Hutchinson School of Computer and Information Science, Edith Cowan University, Mt Lawley, Australia Keywords Electronic commerce, Risk analysis, Information systems Introduction Information systems are now heavily utilized by all organizations and relied upon to the extent that it would be impossible to manage without them. This has been encapsulated by the recent development of e-commerce in a consumer and business environment. The situation now arises that information systems are at threat from a number of security risks and what is needed is a security method to allow for these risks to be evaluated and ensure that appropriate security countermeasures are applied. Abstract E-commerce security is a complex issue; it is concerned with a number of security risks that can appear at either a technical level or organisational level. This paper uses a systemic framework, the viable system model (VSM) to determine the high level security risks and then uses baseline security methods to determine the lower level security risks. Security methods The aim of the research was to combine an information systems modeling method with a baseline security method to form a hybrid security method. This method could be used to evaluate high and low level security risks associated with e-commerce. The methods used in this model are the......

Words: 2218 - Pages: 9

Security Risk Assessment Process

...Security Risk Assessment P1. Operational risk assessment is the process of determining what threats and vulnerabilities affect an organization's critical business processes. Operational risk assessment is a life cycle process that needs to be conducted often to determine if there are new threats and vulnerabilities to the organization. Without conducting a routine risk assessment an organization is left with exposure to hazards and accidents which lead to a loss. An operational risk assessment consists of risk identification, risk analysis and risk evaluation. The assessment is used to create a risk management policy which gives the best courses of action to mitigate any threats and vulnerabilities. A risk is the possibility of a loss from exposure to a hazard. By conducting an operational risk assessment the end result is to reduce the amount of risk to a project, equipment and personnel. Management are the ones who use risk management to minimize loss, which reduces monetary loss and time for the organization. P4. The information assurance control procedures are the identification of assets and the classification of assets. The goals are to protect the confidentiality, integrity and availability of information by providing control measures. They are important because a company's assets need to be controlled due to so many exposures. The control procedures are used as a set of processes and guidelines to ensure that an asset is classified correctly and given the correct level of......

Words: 1525 - Pages: 7

Risk Management

...Applying Risk Management Consulting Ricardo Jackson CMGT/430 April 28, 2015 Dr. Leandro Worrell Applying Risk Management Consulting According to (Whitman & Mattord, 2010) Risk Management is the process of discovering and assessing the risks to an organization’s operations and determining how those risks can be controlled or mitigated. Risk management tackles part of a law-abiding control program that organizations implement to monitor the business and make informed decisions. Most corporate leadership takes on this task while bridging together other departments within the organization requirements. While governance programs differ broadly, all programs require a well-thought-out security risk management component to arrange and mitigate security risks. The management of information systems relies heavily on risk management therefore certain fundamentals must be applied within an organization risk management plan. These principles include identification, assessment, and decision support/implementation control. Identification The risk identification process begins with the identification of information assets, including people, procedures, data, software, hardware, and networking elements. Risk Assessment Identify and prioritize risks to the business Assess Control. Assessing the relative risk for each vulnerability is accomplished via a process called risk assessment. Risk assessment assigns a risk rating or score to each specific vulnerability. This......

Words: 969 - Pages: 4

Security Requirements and Risks

...Security Requirements and Risks Paper Security Requirements and Risks Paper There are a lot of businesses such as Huffman Trucking that complete risk reviews to determine the quantity of threats that may affect their company, and discover ways in dealing with them before a huge tragedy takes place. Risks include hypothetical efficiency of loss of impact, security measures, vulnerabilities and threats that are widespread in today's world. Huffman Trucking sticks to procedures and guidelines that are overseen by dealings by which the organization assesses and handles its contact to risk. Nearly all businesses cope with some risk or possible risk that could possibly trigger a giant blow to their business. These threats and risks typically come from outside or within any organization. In order to get ready for the worst that may occur, corporations should direct their attention on how to consider distinctive types of risk so they could shield themselves from the damage caused by them. The first security risk that needs to be looked into is username and passwords that are assigned to each user. Listed are some cons of password security: Do not choose a password that has to do with family, name, or any personal information that anyone could figure out easily. Writing passwords down is giving others easy access to your personal information. If needed write it down and put it in a safe place where no one is able to find it. Some pros of password......

Words: 763 - Pages: 4

Risk Management in Justice and Security

...Running Head: RISK MANAGEMENT IN JUSTICE AND SECURITY ORGANIZATIONS Risk Management in Justice and Security Organizations Rita A. Davis University of Phoenix CJA/520 Group ID: MSAS0KCAO6 RJ Schafer September 11, 2009 Risk Management in Justice and Security Organizations Introduction Risk management is essential to the security and well being of any organization. Risk management is crucial in guaranteeing that security controls and spending are proportionate with the actual risks to which the organization is exposed. Following a comprehensive and formal risk management approach requires a sound understanding of the principles of risk. Risk goes beyond the questions of efficiency, technique. This paper will discuss the role of risk management in justice and security organizations What is Risk? “Risk is the uncertainty of financial loss, the variations between actual and expected results, or the probability that a loss has occurred, or will occur… three main categories are personal, property, and liability” ( Broder, p. 3). An organization should perform a risk analysis, which is a, “management tool, the standards for which are determined...

Words: 986 - Pages: 4

Security Risk Management Plan

...SECURITY RISK MANAGEMENT PLAN Prepared by Jeremy Davis Version control Project title | Security Risk Management Plan Draft | Author | Jeremy Davis | VC | 1.0 | Date | 25/10/10 | Contents Executive summary 4 Project purpose 5 Scope of Risk management 5 Context and background 5 Assumptions 5 Constraints 5 Legislation/Standards/Policies 6 Risk management 6 Identification of risk 7 Analysis of risk 8 Risk Category 9 Review of Matrix 9 Action plan 9 Testing Procedures 11 Maintenance 11 Scheduling 11 Implementation 12 Training 12 Milestones 12 Monitoring and review 13 Definition 13 Authorisation 14 Reference 15 Executive summary A Security Risk Management Plan (SRMP) helps CBS by providing specific guidelines and rules to ensure risk management is considered and included. It provides guidelines for its implementation that can minimise the threats by planning, policies, processes and procedures that can help your business get everything back to normal as soon as possible. This SRMP was designed for the guidelines for its implementation of risk management in CBS and in its operations in order to ensure its security and safety of its staff and assets. Throughout this SRMP it identifies threats, procedures, policies, responsible person and etc which will provide you and your staff information to prepare you with the worst disaster event. Every business these days has a SRMP in case of any events which may occur,...

Words: 2028 - Pages: 9

Security Requirements and Possible Risks

...Security Requirements and the Possible Risks associated with the Benefits Elections Systems of Huffman Trucking Company CMGT/442 Security Requirements and the Possible Risks associated with the Benefits Elections Systems of Huffman Trucking Company Huffman Trucking has sent out a service request regarding the development and installation of a benefits election system to support the tracking and reporting of employee (union and non-union) benefits (University of Phoenix, 2011). Per this request, this paper will discuss possible security requirements and possible risks that may occur or be associated with the development and implementation of the Benefits Elections Systems. Typically, information on each employee and his or her respective benefits package is stored and managed using some type of database system. This can be either a hardcopy file version or an electronic one. Whatever method is used, security measures have to be put in place to protect each employee from the loss or theft of their information, as well as protect company assets from possible legal action. The purpose of this paper is to discuss some of the potential security requirements of Huffman’s system as well as some of the risks associated with the implementation of this type of system. When deciding what security requirements will be needed to implement the Benefit Election System, one will need to keep in mind securing both the company's and employees’ data from breaches. Security......

Words: 1019 - Pages: 5
