Information security analysis
There are many goals and objectives that an organization might consider before undertaking a security analysis and assessment. One objective may be that the analysis is a requirement of some regulations on information use. Another is that the organization may need an accurate inventory of the assets used for information and communications technology (Taylor et al., 2011). These assets are used to manage the data held in the organization. Another objective is for the organization to have a record of the threats and vulnerabilities that are likely to occur. This enables the organization to prepare for these risks and to put measures in place so that the threats do not materialize. The organization can then place the threats, risks, and vulnerabilities in order of priority. This enables it to budget for the risks deemed most likely to occur, with the risks and threats that would cause the most damage dealt with first. The organization will also be able to lay down mitigation strategies for combating the risks. Instead of waiting for risks to happen and then looking for solutions, it is better to have solutions and the necessary measures in place in order to avoid the risks. It is also important to identify the gaps that exist in the information systems and infrastructure of the organization so that measures can be put in place to seal them. Conducting a risk analysis also enables an organization to understand the return on investment of the IT systems that have been put in place. It is important to understand the value of the IT systems and whether the risks they pose are worth taking (Taylor et al., 2011).
Target audience
The target audience for a risk analysis in an organization includes senior management. These are the owners of the organization, who will authorize the mitigation strategies because they are the sponsors of these strategies. The IT team is another audience that will be interested in the risk analysis, because they are the people who interact with the system. Knowing the risks associated with the different areas of the IT infrastructure will help the team focus on those areas and take care in mitigating the risks. Another team is the IT security staff. These are the people who will come up with mitigation strategies. They will advise the organization on the steps required to deal effectively with the risks that have been identified. The IT technical programmers also need this information. They will look for ways to seal the security holes that have been identified in the risk analysis (Garfinkel, Farrell, Roussev, & Dinolt, 2009).
The business and functional managers are another target audience, because they need to understand which business processes are most at risk. This way, they can put in place ways to protect information from being lost.
Steps to undertake risk analysis
The first step in risk analysis is the assessment and evaluation of the risks. In this step, the likely risks are identified. The departments and business functions that will be affected are also identified, and the areas that might be harmed are assessed to see how the risks will affect them (Schneier, 2011).
The second step is to list the threats that would affect the systems and information technology infrastructure. The threats are listed in order of priority. They are also assessed to determine the mitigation strategies that can be applied to prevent them from occurring.
The third step is to suggest cost-effective security measures that the organization should take. These are the mitigation steps that the organization in question can take in order to reduce the likelihood of the risks occurring. The steps that are suggested should be cost-effective for the organization. They should be effective and carried out in order of priority. A risk assessment will show which risks are likely to occur and which ones will take time.
Types of security
One of the security issues that I would suggest is denial of service. The information systems would be attacked and made to be busy so that there is no activity going on. This will affect the way business processing is undertaken.
Another security issue is a virus attack. This is where the systems and office applications are infected by viruses. The result is loss of information, and the information loses its integrity and confidentiality.
Mitigation steps
For network attacks and denial of service, the mitigation step to take is to have network intrusion detection systems. These systems will show the programs that are not authorized in the system.
The mitigation step for virus and malware attacks is to have antivirus applications installed. The tools should be updated regularly. This will enable the antivirus to detect and remove the viruses present in the system.
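The three steps under "Steps to undertake risk analysis", applied to the two threats and mitigations named above, can be carried through as a small risk register. This is an added example, not part of the original essay: it uses the standard annualized loss expectancy (ALE = single loss expectancy × annual rate of occurrence) and return on security investment calculations, which the essay does not name, and every figure in it is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    threat: str
    sle: float           # single loss expectancy: cost of one incident (constructed)
    aro: float           # annual rate of occurrence: incidents per year (constructed)
    control: str         # mitigation named in the essay
    control_cost: float  # yearly cost of the control (constructed)
    reduction: float     # fraction of the expected loss the control removes (constructed)

    @property
    def ale(self) -> float:
        # Step 1: evaluate the risk as expected loss per year.
        return self.sle * self.aro

    @property
    def rosi(self) -> float:
        # Return on security investment: (loss avoided - cost) / cost.
        return (self.ale * self.reduction - self.control_cost) / self.control_cost

# Constructed register covering the two threats the essay discusses.
REGISTER = [
    Risk("Denial of service", 40_000, 0.5, "Network intrusion detection", 8_000, 0.6),
    Risk("Virus/malware infection", 15_000, 2.0, "Antivirus with regular updates", 3_000, 0.8),
]

def prioritise(register):
    # Step 2: list the threats in priority order, largest expected loss first.
    return sorted(register, key=lambda r: r.ale, reverse=True)

def plan(register, budget):
    # Step 3: fund controls in priority order, skipping any that do not
    # pay for themselves or that exceed the remaining budget.
    funded, remaining = [], budget
    for risk in prioritise(register):
        if risk.rosi > 0 and risk.control_cost <= remaining:
            funded.append(risk.control)
            remaining -= risk.control_cost
    return funded, remaining

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.threat}: ALE={r.ale:,.0f} ROSI={r.rosi:.2f} -> {r.control}")
    print(plan(REGISTER, budget=10_000))
```

With these figures the malware risk outranks denial of service even though a single denial-of-service incident costs more, because it is expected to occur more often.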
References
Garfinkel, S., Farrell, P., Roussev, V., & Dinolt, G. (2009). Bringing science to digital forensics with standardized forensic corpora. Digital Investigation, 6, S2-S11.
Schneier, B. (2011). Secrets and lies: Digital security in a networked world. Wiley.
Taylor, R. W., Fritsch, E. J., Liederbach, J., & Holt, T. J. (2011). Digital crime and digital terrorism (2nd ed.). Upper Saddle River, NJ: Prentice Hall.