Security Planning And Assessment Security Thesis

To understand the nuances, there are about a million books one can read, but we will discuss a few general "rules." The first thing to keep in mind with an assessment is that the methodology is flexible. It has to be, in order to adapt to scheduling problems with clients or the availability of resources. As an example, a client could desire a certain timetable for the assessment steps to be accomplished. It may not match your schedule, so flexibility is paramount.

Second, steps within the methodology can be combined. If it makes things more efficient, then do it.

The third rule is crucial: understanding the business. Without a solid comprehension of the business, there is no way to understand the risks.

Fourth, communication with clients should be emphasized. They must know the progress and the findings as the assessment progresses. This is key because the client may be able to offer additional information that might affect a finding, and the client has to be prepared to discuss the whole process and findings when the final presentation is made to management.

Conclusion

Careful planning is a key concept once it is decided to perform a security risk assessment. The planning will economize everyone's time, and the results of the assessment will be more comprehensive. The critical task in planning for the assessment is to define the scope. Defining how to proceed is crucial in order to plan the time and resources needed to complete the assessment in a timely and thorough manner.

And the notable tasks in this planning...

...

If the rest of the steps of the process are not performed as well as the assessment, then the results will not be a business enabler for the client.

