Module 1 - Case
INFORMATION SECURITY SYSTEM RISK MANAGEMENT
Based on the reading materials at background section and your own research, prepare a 4-7 page paper to describe the process of creating an information security risk management procedure. Your paper should be organized in the following way:
Identification, classification, and prioritization of information security risk
control mechanism that could be taken and the strategic options to mitigate and control information risk
Your paper should provide a summary of your findings from the assigned materials and any good quality resources you can find. Please cite all sources and provide a reference list at the end of your paper. The following items will be assessed in particular:
Ability to consolidate ideas from reading materials.
Demonstration of your understanding of how to create an information security management process.
The ability to express your ideas clearly.
Information security risk management process - (Please make sure all 211 slides appear when you open this file.)
Technology risk assessments key to protecting companies from information security threats (November 15, 2006), Business wire.
Mann, L. (2010). Information Security & Risk Management. Retrieved on March 6, 2013, from http://www.youtube.com/watch?v=BHh3z7B_wvI
Krause, M. et. al. (July 1, 2008). Information security management basics. Retrieved from http://www.csoonline.com/article/413965/information-security-management-the-basics?page=1
Information security handbook. Retrieved fon March 3, 2013, from http://ithandbook.ffiec.gov/it-booklets/information-security.aspx
Amancei, C. (2011). Practical Methods for Information Security Risk Management. Informatica Economic?, 15(1), 151-159.
Spears, J. & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-522.
Jones, A. (2007). A framework for the management of information security risks. BT technology journal, 25(1), 30-36.
Jourdan, Z., Rainer, R., Marshall, T., & Ford, F. (2010). An investigation of organizational information security risk anaysis. Journal of Service Science, 3(2), 33-42.
All your devices can be hacked, Ted talk by Avi Rubin. Retrieved on March 18, 2013, from http://www.youtube.com/watch?v=metkEeZvHTg.
Security online training - mitigating threats
Krause, M. et al. (2008). Information security management: the basics. Retrieved on March 6, 2013, from http://www.csoonline.com/article/413965/information-security-management-the-basics?page=1
Armerding, T. (February 15, 2012) The 15 worst data security breaches of the 21st century. Retrieved on March 6, 2013, from http://www.csoonline.com/article/700263/the-15-worst-data-security-breaches-of-the-21st-century