IT 313 Project One (docx, 5 pages)
School: Southern New Hampshire University
Course: IT 313, Information Systems
Uploaded: Feb 20, 2024
Running head: IT 313 Project One
IT 313 Project One
Bathsheba Harris
Southern New Hampshire University
September 10, 2023
Scope
The current IT Security Risk Management Plan at Workers Werks Credit Union (WWCU) is the foundation of its cybersecurity strategy. The plan states its overall objectives and balances risk exposure against the cost of mitigation. It covers business processes end to end, and it defines its objectives around identifying, assessing, responding to, monitoring, and controlling risk. It also covers every phase of the implementation life cycle, from design through maintenance, so that the plan protects the organization's technology while staying aligned with its business goals.
Risk
The current IT Security Risk Management Plan at WWCU is effective at identifying risks that could significantly affect mission-critical business functions and processes. It systematically recognizes vulnerabilities, threats, and risks arising from both internal and external sources. A key strength of the plan is its categorization of each risk into distinct components: assets, threats, existing controls, vulnerabilities, and consequences. This ensures that every risk is assessed comprehensively and in detail (Moore, 2022).
Assets, ranging from hardware and software to data, are identified exhaustively. Potential threats, whether from human factors or natural events, are likewise considered. The plan accounts for existing controls, whether implemented within the organization or provided by external parties. It identifies vulnerabilities from a variety of sources, including design decisions and inadvertent software misuse. Finally, it evaluates the potential consequences of a security breach, distinguishing between loss of confidentiality, integrity, and availability. This assessment is the foundation for the plan's risk mitigation strategies.
Impact
The plan gauges how identified risks would affect the organization's assets. It identifies and prioritizes the key assets and activities that require protection, and it estimates the financial cost of potential losses. Assets are classified into categories such as hardware, software, and data according to their criticality to business functions. The plan considers the consequences of a security breach so that the financial impact can be estimated for risk assessment, and it also addresses business continuity and asset replacement, reflecting a comprehensive approach to risk management.
Mitigation
To bring the Risk Priority Number (RPN) down to a level that is as low as reasonably practicable (ALARP), the plan emphasizes risk modification and control. Controls are applied in a hierarchy: security by design comes first, production and servicing security measures come next, and informational security measures come last (Rout & Sikdar, 2017). This ordering ensures that hazards are addressed thoroughly and methodically.
Legal Compliance
The plan makes a commendable effort to address the legal requirements relevant to cybersecurity compliance, covering both national and international frameworks. It incorporates compliance with applicable laws as well as standards and guidelines such as ISO 31000:2018 (risk management) and ISO/IEC 27005:2018 (information security risk management), and it keeps the organization within the rules established by oversight bodies (Diamantopoulou et al., 2020). The plan also anticipates changes in the legal environment and considers emerging legal challenges. This proactive approach helps the organization meet industry requirements and protects it from legal consequences.
Non-Compliance
The plan accounts for the possible consequences of violating legal and regulatory obligations. It recognizes the seriousness of such violations and their potential repercussions, and it lays out a detailed response to non-compliance, including remediation and corrective actions. It stresses adherence to legal and regulatory frameworks as a means of reducing risk and preserving organizational integrity.
Ethical Considerations
The plan demonstrates a commitment to ethical standards by following current ethical guidance in the cybersecurity industry, including widely accepted codes such as the SANS IT Code of Ethics. It emphasizes accountability, transparency, and integrity in all cybersecurity procedures. This ethical framework guides risk management and ensures that the organization operates with professionalism and integrity.
References
Moore, D. (2022). Offensive cyber operations: Understanding intangible warfare. Hurst Publishers.
Rout, B. K., & Sikdar, B. K. (2017). Hazard identification, risk assessment, and control measures as an effective tool of occupational health assessment of hazardous process in an iron ore pelletizing industry. Indian Journal of Occupational and Environmental Medicine, 21(2), 56. https://doi.org/10.4103/ijoem.ijoem_19_16
Diamantopoulou, V., Androutsopoulou, A., Gritzalis, S., & Charalabidis, Y. (2020). Preserving digital privacy in e-Participation environments: Towards GDPR compliance. Information (Basel), 11(2), 117. https://doi.org/10.3390/info11020117