Saturday, September 7, 2019
Case Study UAE Academy Example | Topics and Well Written Essays - 2500 words
The risk management process includes:

Risk Management Process

The risk manager of UAE Academy will align with the key stakeholders to ensure that risks are actively identified, addressed, and managed across critical assets, networks and databases. It is better for UAE Academy to address risks as early as possible in order to limit the impact of a threat afterwards. However, along with risk management, the risk manager will also implement a periodic risk management program that will address risks on a continuous basis.

Identifying Risk

Risk identification is a joint effort, as UAE Academy wants to protect the data network, email services and shared storage resources, and to be protected from the WWW and external sources. Likewise, this process will involve key stakeholders or system owners in identifying risks pertaining to their systems and applications. Moreover, a risk management log must be maintained electronically at a specific location.

Risk Analysis

This process involves measuring and calculating the impact of each identified risk, based on quantitative or qualitative risk analysis. Quantitative risk analysis uses numeric values such as the costs of information assets. Qualitative risk analysis is associated with organization reputation and customer satisfaction, i.e. intangible assets such as the university rankings of 'UAE Academy'. However, a data classification scheme must be defined at this point so that effective risk analysis can be conducted. Likewise, the data classification scheme is defined by application and system owners, as they have insight into their systems and applications. Risk assessment is carried out on the basis of the three fundamental properties of information security, i.e. Confidentiality, Integrity and Availability. However, risk assessment comprises four options, i.e. risk transfer, risk acceptance, risk avoidance and risk mitigation.
A comprehensive risk assessment template is demonstrated below in Figures 1.1, 1.2, 1.3 and 1.4 respectively.

Asset Valuation Scheme

| Scale | Definition |
|-------|------------|
| 1 | Loss of C/I/A is acceptable |
| 2 | Loss of C/I/A is acceptable. If it occurs, workaround can be arranged |
| 3 | Loss of C/I/A is acceptable. Need preventive measures on immediate basis |

Figure 1.1

Risk Assessment

| Threat Name | Affected Assets | C | I | A | Asset Value = C+I+A | Likelihood of Occurrence | Level of Impact | Risk Exposure | Counter Measures | Controls |
|-------------|-----------------|---|---|---|---------------------|--------------------------|-----------------|---------------|------------------|----------|
| Poor System Performance | | | | | | | | | | |
| Virus Attacks | | | | | | | | | | |
| Unauthorized Access | | | | | | | | | | |

Figure 1.2

Likelihood of Occurrence

Levels:
1 - Very low
2 - Low
3 - Medium
4 - High
5 - Very High

Figure 1.3

Impact Classification

Potential Business Impacts:

| Levels | Business Operational and Financial Impact | Legal and regulatory obligations | Loss of Reputation | Personal Information |
|--------|-------------------------------------------|----------------------------------|--------------------|----------------------|
| 1 - Very low | | | | |
| 2 - Low | | | | |
| 3 - Medium | | | | |
| 4 - High | | | | |
| 5 - Very High | | | | |

Figure 1.4

Risk Calculation Formula:

Risk Exposure = Asset Value x Likelihood x Impact Level

Disaster Recovery Plan

| Description | Likelihood and Impact | Detection | Immediate Action | Later Action | Effect on Users | Mitigation and Contingency |
|-------------|-----------------------|-----------|------------------|--------------|-----------------|----------------------------|
| Single Disk Failure | Medium | Warning | Replace failed disk | Order new disks. Have existing disks destroyed. | No effect | Monitoring of RAID volumes. Keep replacement drives available. |
| Unauthorized Access | Low | Periodic auditing of logs along with application logs | Restore modified content. Repair security breach. | Determine root | | |