Cyber Security Essay Sample: Risk Assessment and Information Security Planning

Concept A: Risk Assessment

Risk assessment in the cybersecurity field refers to the process of identification of potential hazards and the analysis of the likely consequences should an attack on systems security occur (Federal Emergency Management Agency, n.d.). It also entails impact analysis which entails a determination of the potential effects of a cybersecurity attack on an organization's critical processes. The assessment also involves coming up with emergency plans that help to identify the organizational assets that are at risk of being compromised by cybercrime. Moreover, IT risk assessment involves classifying threats to security into low, moderate, and high depending on their impacts on data integrity, availability, use, and confidentiality of its users.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Professional Discipline

My professional discipline in which this concept is applicable is security and risk management field. As an executive security agent working in this field, the concept of IT security risk assessment is applicable to my everyday work since most part of my work involves developing plans to identify potential security hazards and analyze their impacts on the organization in the case of a full-blown attack.

Application

The application of risk assessment in a mid-sized US Corporation involves first identifying the existing security hazards and then analyzing their strength and potential impacts on the organization's systems and processes. According to Causey (2013), the risk evaluation process may also be applied by putting in place emergency plans which help in pinpointing the specific assets that are at the greatest risk of cyber attacks, such as machinery, utility systems, information technology, computer systems, and structures. Additionally, the risk assessment may be applied through the identification of vulnerabilities that make these assets susceptible to damage, such as deficiencies in loss prevention programs and security systems. The other steps involved in risk assessment application include developing metrics, considering historical data breaches, calculating the costs of a data breach, and conducting fluid risk-to-asset tracking (Causey, 2013).

Concept B: Information Security Planning

Information security planning basically refers to the development of plans for security information held by an organization. According to Angle and Hoover (2017), an information security plan means an institutional document which provides an overview of the security requirements for an organization, the controls established for addressing or meeting these security needs, and a delineation of the roles and responsibilities of those charged with the protection of such information. The plan also identifies the appropriate IT impact assessment methodology that should be used in protecting the information and classifying the potential hazards. Information security planning also entails coming up with an organizational information security policy for protecting critical data, information, systems, and processes that may be vulnerable to cyber attacks.

Professional Discipline

The professional discipline under which the concept of information security planning would be applicable is the communications and network security field. This field includes organizations dealing with critical data and information that require round-the-clock protection.

Application

Information security planning is particularly applicable to an executive security agent as it helps in developing a strategic blueprint for protecting the availability, integrity, safety, and confidentiality of information that relate to technologies, processes, and people. In a mid-sized corporation, the concept of IT security planning may be applied by putting in place appropriate controls for protecting critical information systems and processes so as to secure data from annihilation, unauthorized alteration and use, unwanted interruption, and illegal access (Henry, 2015). Such a plan is also applicable to a business or public organization in that in defining the tasks, initiatives, strategies, missions, vision, benchmarks, required for better protection of information both in the present and future. According to Angle and Hoover (2017), this concept may also be applied by developing ncident monitoring, incident handling, vulnerability scanning, access control to communication devices, information system monitoring, maintenance, audit and accountability, access controls, system information integrity, and personnel security.

References

Angle, S. and Hoover, T. (2017). 2017 Information technology security plan, University of Tennessee. Retrieved from https://www.utc.edu/information-technology/security/pdfs/utc-it-security-plan20170503.pdf

Causey, B. (2013). How to Conduct an Effective IT Security Risk Assessment. Retrieved fromhttps://security.vt.edu/content/dam/security_vt_edu/downloads/risk_assessment/strategy-how-to-conduct-an-effective-it-security-risk-assessment_2411470.pdf

Federal Emergency Management Agency (FEMA) (n.d.). Risk Assessment. Retrieved fromhttp://www.ready.gov/risk-assessment

Henry, B.C. (2015). Information security strategic plan. Social and Basic Sciences Research Review, 3(3), 137-141