ITT 307 Topic 7 DQ2
docx
keyboard_arrow_up
School
Grand Canyon University *
*We aren’t endorsed by this school
Course
307
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
1
Uploaded by PeanutButterEater102
Compare and contrast the differences between the concepts of cybersecurity, information assurance, and risk management. Where in the security industry would each concept apply? What are the pros and cons of each? If your school or organization were to adopt one concept, which should it be? Why?
Hello professor and class,
There are several pros, cons, and differences between risk management, cybersecurity, and information assurance. Until this week I did not know the lines between the three, however after conducting research I will compare the three.
Cybersecurity:
This field usually involves protecting a system physically and virtually. The biggest benefit
is that cybersecurity is that it is constantly adapting making advancement opportunities a big possibility. This pro can also be a con however, since this means there are more attacks cybersecurity experts have to defend against. The threat actors and hackers are also improving their skills so it is a must to be one step ahead of them. Information assurance: This position involves the laws, policies and training on the business end of things. Their job is to find out how a company uses information, how valuable that information is to the company, and how exposed that information happens to be so that they can guide the organization on how to prioritize tasks to protect it (Klump, 2018). This puts a disaster recovery or breach plan in play in the event one does happen. A big benefit for information assurance specialists is that they start off in a higher position than cybersecurity or information assurance specialists. The major con is that technology
is constantly changing so a system will never be fully secure. If an information assurance specialist misses an area that needs to be protected the entire network could be compromised.
Risk Management: This job involves assessing all the risks a company or organization has in information technology. The company or organization then chooses which risks to fix and which ones to accept (ignore). The big con to risk management is that not every single risk is able to be fixed but instead is based on the company’s needs. If my company were to adopt a concept it would be a balance of information assurance with cybersecurity. This would ensure that not only are the devices secure, but also the policies, trainings, and disaster recovery. Having a proper trained cybersecurity team they could also add a few risk management features like password policies, internet security, backing up data, and managing storage
References
Krump, R. (2018, January 6). Information assurance vs. cyber security vs. information security: Clarifying the differences | Lewis University experts blog. Lewis University. https://www.lewisu.edu/experts/wordpress/index.php/information-assurance-vs-cyber-security-vs-
information-security-clarifying-the-differences/
Malak, H. A. (2022, December 15). What is information security risk management? Information Management Simplified. https://theecmconsultant.com/information-security-risk-management/
Discover more documents: Sign up today!
Unlock a world of knowledge! Explore tailored content for a richer learning experience. Here's what you'll get:
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help