The importance of risk management in information security technology system

Information systems gain their importance by processing the data from company inputs to generate information that is useful for managing your operations.

The importance of risk management in information security technology system

Or take a road trip without checking your oil and tire inflation. Or miss an annual trip to the doctor — would you? Security is mostly an invisible attribute. We tend to set it up and then forget about it.

But each of us has our blind spots, causing us to miss things. Our infrastructure changes over time, possibly opening it up to new vulnerabilities.


And new methods of attack are invented daily, so what was secure yesterday may not be secure today. The importance of periodic security assessments Just as every car comes with a list of scheduled maintenance items, your IT organization should have a list of security features to audit on a periodic basis.

Why undertake periodic assessments? There is a long list of reasons why you want to do periodic assessments, and an equally long list of reasons why you should.

Information security - Wikipedia

An increasing number of organizations are bound by governmental regulations that dictate what security measures you should have in place and how they should be audited. They also require regular security posture assessments, though they vary on specific requirements and time frames.

There are many benefits to doing periodic assessments beyond simply complying with government regulations.

The importance of risk management in information security technology system

Undertaking regular assessments can help you to: Find out whether your security has already been compromised. You might not know unless you look, and you will sleep better at night if you know.


Stay on top of the latest security threats — with new attacks coming on the scene every day, you could become vulnerable even if nothing has changed since your last assessment! Make sure that your staff is being vigilant by maintaining a focus on IT security. Increase awareness and understanding of security issues throughout your company.

Make smart security investments by prioritizing and focusing on the high-importance, high-payoff items. Demonstrate to your customers that security is important to you — this shows them that you care about them and their data. How to attain a Zen-like state of mind What can you do to have the peace of mind that comes from diligently performing periodic security assessments?

Table 1 is your guide to the details: Change your oil every 5, miles. Use your password-cracking program quarterly to cut down on guessable passwords.

The importance of risk management in information security technology system

Cut out the table and tack it to your wall. Evaluate ways that your security can be compromised from the inside or outside, from both internal and external sources of attack.

Auditing your firewall rules and watching logs is only part of the picture. Can hackers harvest information through a company directory posted on the Internet?

If so, each of your employees is now a potential vector for social-engineering attacks. What services do your internal servers and workstations provide? Do they match up with your policies?

And has someone snuck a wireless access point onto your network to make her life easier and give you a new security vulnerability? Software patch-level and use compliance. Just how well have you been keeping up with patches?

Information Security Management

What are your patch policies? Are you following them? And what is your lag time? Assess and re-assess how your network is defended at its perimeter, and how well it is segmented internally to limit the damage that can be caused by prying eyes or errant applications.

Audit both your device configurations and your update procedures and policies.Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information or data may take any form, e.g.

electronic or physical. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data. NIST Special Publication Risk Management Guide for Information Technology Systems Recommendations of the • Information system security officers (ISSO), who are responsible for IT security • Section 2 provides an overview of risk management, how it fits into the system • •.

Abstract: Information security is importance in any organizations such as business, records keeping, financial and so on. This information security will help the organizations to fulfill the needs of the customers in managing their personal information, data, and security information.

The implementation of the information security management system is a process that is by far more complex than the implementation of the quality management system due to the large number of factors that may affect its effectiveness.

Meanwhile for organizations to use the information technology, risk management plays a crucial role in protecting their information. Effective risk management is one of the most important parts of a security program in IT organizations. Risk Management and Risk Assessment are major components of Information Security Management (ISM).

Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO], [NIST], [ENISA Regulation].

Risk Management & Information Security Management Systems — ENISA