16 Aug Info Security & Risk Mgmt Provide a reflection of at least 1000 words (or 3 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or cou
Course – Info Security & Risk Mgmt (ISOL-533-B02)
Provide a reflection of at least 1000 words (or 3 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or could be applied, in a practical manner to your current work environment. If you are not currently working, share times when you have or could observe these theories and knowledge could be applied to an employment opportunity in your field of study.
Requirements:
Use of proper APA formatting and citations. If supporting evidence from outside resources is used those must be properly cited.
Share a personal connection that identifies specific knowledge and theories from this course.
Demonstrate a connection to your current work environment. If you are not employed, demonstrate a connection to your desired work environment.
You should not provide an overview of the assignments assigned in the course. The assignment asks that you reflect how the knowledge and skills obtained through meeting course objectives were applied or could be applied in the workplace.
Practical Connection
Practical Connection
Rahul Rahul
Summer 2022 – Info Security & Risk Mgmt (ISOL-533-A01) – First Bi-Term
Dr Derek Holbert
University of the Cumberlands
06/23/2022
1
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
ISRM was defined as informative security risk management. This process was majorly
used in many organisations for identifying risks and managing vulnerabilities. This is very
efficient in managing the risks because it’s were associated with information technology. ISRM
was majorly involved in identifying the risks and vulnerabilities in the organisations and also
involves in evaluating, integrity and maintaining the risk confidentiality among the threats.
Learning this course will help in identifying the risk and threads in the organisation (Gulick, et,
al, 2008). From this, we can learn about different stages and treatment methods used in
organizations for controlling the risk in organisations.
At our workplace implementing the informative security risk management helps in
exploring the risk and accomplishing the risk by using the strategies in ISRM. This process can
be implemented by introducing the different stages in the organisation, at my workplace we use
different stages of identification such as identifying control, identifying assets, identifying
vulnerabilities and identifying threats.
Identify control
This stage helps in removing the unwanted access which was found in the organizations.
Control points out the risk with their address and also identifies the vulnerabilities. For example,
if the terminated user seeks access to the specified application then control is involved and
removes all the unwanted access automatically. This can identify the indirect risk with their
addresses.
Identify threats
2
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
This stage helps in identifying the identify the threats and trying to know about the context of the
threat. This stage is very significant which helps in identifying the various activities such as
crime syndicates, and hacktivist groups.
Identify vulnerabilities
This stage helps in identifying the software vulnerabilities which are establishing privacy,
and integrity. This majorly helps in seeking the risk which was at risk and also identifies the
weakness or shortages in the organizations’ techniques.
ISRM process consists of different treatments which are required for analysing the risk
which was identified. Different types of treatments were remediation, mitigations, risk
acceptance, risk avoidance, and transference.
Remediation
This was of the treatments of informative security and risk management. This treatment
helps in controlling the nearly fully fixes the primary risk which was identified (Katsicas &
Sokratis, 2009). In this process primarily we have to identify the vulnerability and then apply
these patches to the vulnerability.
Mitigations
This type of treatment helps in reducing the impact of the risk but it does not fix the risk
completely. By identifying the risk and then creating a firewall rule, this wall enables only
specified system communications.
Risk acceptance
3
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
These methods are used for reducing the risk and lows the impact on the assets of the
organisations. This method can also reduce the time and the efforts it takes in fixing the risks and
also fix the cost of the risk
Risk avoidance
This treatment helps in eliminating all the identified risks in the organisation. If we
identify the risk in the operating systems then these OS will not able to receive any of the
security patches from the OS producers.
4
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
References
Gulick, Jessica; Fahlsing, Jim; Rossman, Hart; Scholl, Matthew; Stine, Kevin; Kissel, Richard
(16 October 2008). "Security Considerations in the System Development Life Cycle". doi:10.6028/NIST.SP.800-64r2 – via csrc.nist.gov.
Katsicas, Sokratis K. (2009). "35". In Vacca, John (ed.). Computer and Information Security
Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 605. ISBN 978-0-12- 374354-1.
5
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/ Powered by TCPDF (www.tcpdf.org)
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteEdu. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
Do you need help with this question?
Get assignment help from WriteEdu.com Paper Writing Website and forget about your problems.
WriteEdu provides custom & cheap essay writing 100% original, plagiarism free essays, assignments & dissertations.
With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Chat with us today! We are always waiting to answer all your questions.