Sunday, June 9, 2019
Security Risk Assessment and Audit into the connection of the internal network with the Internet - Essay Example

Information confidentiality is maintained by preventing unauthorized persons from accessing vital system information. Integrity concerns preventing that information from being manipulated by external sources. Data should also be available for use when required by the relevant parties and not hoarded by other system resources. It is thus fundamental to protect these aspects of data in order to ensure that information within an organization is secure.

In order to ensure appropriate security management of information within an organization, it is vital that the mission statement and the charter be defined for reference. The mission statement outlines the overall goals that the information security program within the organization seeks to achieve and provides the guidelines necessary for strategic direction. The charter, on the other hand, provides for the specialised rights and privileges granted to the security team members by the organization.

1.2 Justification for use of a security metrics program

A security management program cannot be realized without the use of security metrics (Dexter, 2002). These are used to show the changing maturity of an information security program over time. The combination of metrics and reporting tools can be used to display the results and outcomes of past investments in information security and guide decisions for future information systems.

2.0 IT Security Management

IT security management is considered a series of steps that are undertaken to ensure the safety of information within an organization. It is a continuous process that runs from assessment right down to implementation. Even after implementation, the process loops back to assessment, because risks to information networks are diverse and constantly changing, necessitating the iterative process (Sennewald, 2011). This process is expanded below.

Figure 1: An iterative process to IT security management

Risk assessment is the initial step and involves the identification of potential threats to the information networks (Boyce & Jennings, 2002). Based on the results of this assessment, an appropriate policy is developed to maintain a secure protection framework. This includes the development of security guidelines, assigning security responsibilities to members of staff and implementing good overall security protections. Once this has been achieved, a series of compliance reviews and re-assessment activities are conducted to provide assurance that the security controls have been properly implemented. This information is collected through a process of periodic audits on the system (Purser, 2004).

3.0 Differences between a Security Risk Assessment and Security Audit

3.1 Security Risk Assessment

This is conducted at the beginning of the process of security management to identify areas of change. It is often referred to as the baseline study that will be used to depict the amount of change that the organization has gone through since the last assessment (Snedaker & McCrie, 2011). It includes an analysis of all the assets and processes that relate to the system. It also identifies all the threats that could affect