16 Aug Info Security & Risk Mgmt Provide a reflection of at least 1000 words (or 3 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or cou
Course – Info Security & Risk Mgmt (ISOL-533-B02)
Provide a reflection of at least 1000 words (or 3 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or could be applied, in a practical manner to your current work environment. If you are not currently working, share times when you have or could observe these theories and knowledge could be applied to an employment opportunity in your field of study.
Requirements:
Use of proper APA formatting and citations. If supporting evidence from outside resources is used those must be properly cited.
Share a personal connection that identifies specific knowledge and theories from this course.
Demonstrate a connection to your current work environment. If you are not employed, demonstrate a connection to your desired work environment.
You should not provide an overview of the assignments assigned in the course. The assignment asks that you reflect how the knowledge and skills obtained through meeting course objectives were applied or could be applied in the workplace.
Practical Connection
Practical Connection
Rahul Rahul
Summer 2022 – Info Security & Risk Mgmt (ISOL-533-A01) – First Bi-Term
Dr Derek Holbert
University of the Cumberlands
06/23/2022
1
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
ISRM was defined as informative security risk management. This process was majorly
used in many organisations for identifying risks and managing vulnerabilities. This is very
efficient in managing the risks because it’s were associated with information technology. ISRM
was majorly involved in identifying the risks and vulnerabilities in the organisations and also
involves in evaluating, integrity and maintaining the risk confidentiality among the threats.
Learning this course will help in identifying the risk and threads in the organisation (Gulick, et,
al, 2008). From this, we can learn about different stages and treatment methods used in
organizations for controlling the risk in organisations.
At our workplace implementing the informative security risk management helps in
exploring the risk and accomplishing the risk by using the strategies in ISRM. This process can
be implemented by introducing the different stages in the organisation, at my workplace we use
different stages of identification such as identifying control, identifying assets, identifying
vulnerabilities and identifying threats.
Identify control
This stage helps in removing the unwanted access which was found in the organizations.
Control points out the risk with their address and also identifies the vulnerabilities. For example,
if the terminated user seeks access to the specified application then control is involved and
removes all the unwanted access automatically. This can identify the indirect risk with their
addresses.
Identify threats
2
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
This stage helps in identifying the identify the threats and trying to know about the context of the
threat. This stage is very significant which helps in identifying the various activities such as
crime syndicates, and hacktivist groups.
Identify vulnerabilities
This stage helps in identifying the software vulnerabilities which are establishing privacy,
and integrity. This majorly helps in seeking the risk which was at risk and also identifies the
weakness or shortages in the organizations’ techniques.
ISRM process consists of different treatments which are required for analysing the risk
which was identified. Different types of treatments were remediation, mitigations, risk
acceptance, risk avoidance, and transference.
Remediation
This was of the treatments of informative security and risk management. This treatment
helps in controlling the nearly fully fixes the primary risk which was identified (Katsicas &
Sokratis, 2009). In this process primarily we have to identify the vulnerability and then apply
these patches to the vulnerability.
Mitigations
This type of treatment helps in reducing the impact of the risk but it does not fix the risk
completely. By identifying the risk and then creating a firewall rule, this wall enables only
specified system communications.
Risk acceptance
3
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
These methods are used for reducing the risk and lows the impact on the assets of the
organisations. This method can also reduce the time and the efforts it takes in fixing the risks and
also fix the cost of the risk
Risk avoidance
This treatment helps in eliminating all the identified risks in the organisation. If we
identify the risk in the operating systems then these OS will not able to receive any of the
security patches from the OS producers.
4
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/
Practical Connection
References
Gulick, Jessica; Fahlsing, Jim; Rossman, Hart; Scholl, Matthew; Stine, Kevin; Kissel, Richard
(16 October 2008). "Security Considerations in the System Development Life Cycle". doi:10.6028/NIST.SP.800-64r2 – via csrc.nist.gov.
Katsicas, Sokratis K. (2009). "35". In Vacca, John (ed.). Computer and Information Security
Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 605. ISBN 978-0-12- 374354-1.
5
This study source was downloaded by 100000819737319 from CourseHero.com on 08-15-2022 22:58:13 GMT -05:00
https://www.coursehero.com/file/157820139/Practical-Connectiondoc/ Powered by TCPDF (www.tcpdf.org)
