Authorization and Accreditation
The organization's risk management framework offers a structured information and process to help the company identify, assess, and take steps to reduce risks to a reasonable level. The E-Government Act requires organizations to protect their information technology and information systems that support their assets and operations (Jain & Zhang, 2012). This paper looks at how the organization will plan, implement, and manage its risk management steps. The risk management steps under the Risk Management Framework include the six steps as summarized in the following diagram.
Risk Management Steps
Approach to Implementation
To implement the first step, the organization will need to categorize the information systems, as well as the information being stored, processed, and transmitted by the system. This will be based on the possible effect to the company in case events take place to put the information and the system at risk. The organization will assign a security effect value (high, low, or moderate) for the security goals of integrity, availability or confidentiality (Bowden & Martin, 2011). This will relate to the information systems and information the company requires for achieving its mission, fulfilling its legal responsibilities, maintaining its daily functions, and protecting its individuals and assets.
The categorization of security standards for information systems and information will provide a common understanding and framework for documenting the possible effect to individuals or organizations. This is done in case of a security breach to information system or information. The organization's information system and information...
The process of categorization will likewise promote consistent reporting and effective management of information systems (Jain & Zhang, 2012).
In implementing the second step, the organization will identify an appropriate class of security controls for its information system after it has already determined its security categorizations. The E-Government Act specifies that companies meet the minimum requirements of security by choosing an appropriately tailored class of baseline security controls. This will be based on assessing risks and local conditions such as the company's security requirements, cost benefit analysis, threat information, and special circumstances. In a move to overcome minimum security requirements, the company will select appropriate security controls (Jain & Zhang, 2012). This will help the company protect its information systems according to its business requirements and mission. It will determine an initial set of security controls based on the effect analysis conducted previously. The company will supplement and tailor the selection of baseline security controls. This will be based on the company's assessment of risks.
Security controls must be implemented within the information system. The organization will configure security checklists and present information about its benefits. Further, the management will give information on how to use the checklist and locate and retrieve checklists. Security setting checklists will be useful devices, which will be developed to guide the IT department and security personnel in the selection of effective security settings (Bowden & Martin, 2011).…
