Uploaded by msheba08 on coursehero.com
Running head: IT 313 Project One 1
IT 313 Project One
Bathsheba Harris
Southern New Hampshire University
September 10, 2023
Scope
The current IT Security Risk Management Plan at Workers Werks Credit Union
(WWCU) is the cornerstone of its comprehensive cybersecurity strategy. This plan delineates
the overarching objectives, striking a balance between risk exposure and cost-effective mitigation strategies. It provides detailed coverage of business processes, from
inception to culmination, ensuring a thorough approach to risk management. Furthermore, the
plan adeptly defines its objectives, centering on identifying, assessing, responding,
monitoring, and controlling risks. It orchestrates a seamless integration of every facet of the
implementation life cycle, commencing from the design phase and culminating in the
maintenance phase. By doing so, it not only safeguards the organization's technological
landscape but also aligns with its overarching business goals.
Risk
The current IT Security Risk Management Plan at WWCU stands out in its ability to identify risks that could significantly impact mission-critical business functions and processes. Through a systematic approach, it recognizes vulnerabilities, threats, and risks that emanate from both internal and external sources within the industry. One of the plan's key strengths is its careful categorization of risks into distinct components, namely assets, threats, existing controls, vulnerabilities, and consequences. This ensures that each risk is assessed comprehensively and in granular detail (Moore, 2022).
Assets, encompassing an array of elements ranging from hardware and software to
invaluable data, are exhaustively identified. Likewise, potential threats, whether from human
factors or natural phenomena, are diligently considered. The plan also considers existing
controls, whether they originate from within the organization or are provided by external
entities. Additionally, it keenly identifies vulnerabilities that may stem from various sources,
including design decisions and inadvertent software misuse. Finally, the plan astutely
evaluates the potential consequences of a security breach, distinguishing between the loss of
confidentiality, integrity, and availability. This thorough risk assessment serves as the
foundation for effective risk mitigation strategies.
Impact
The plan accurately gauges how identified risks might impact the organization's
assets. It thoroughly identifies and prioritizes key assets and activities that require protection.
Moreover, it estimates the financial implications of potential losses. The plan classifies assets
into various categories, such as hardware, software, and data, understanding their criticality to
business functions. It considers the potential ramifications of a security breach, ensuring that
the financial impact is estimated for effective risk assessment. Additionally, it addresses the
imperative aspects of business continuity and asset replacement, demonstrating a
comprehensive approach to risk management.
Mitigation
To bring the Risk Priority Number (RPN) down to the lowest level reasonably practicable (ALARP), the strategy places significant emphasis on risk modification and control. Risk controls are implemented hierarchically: security by design comes first, production and servicing security measures come next, and information for security comes last (Rout & Sikdar, 2017). This tactical method guarantees that hazards are dealt with thoroughly and methodically.
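The following is an added worked example, not part of the original paper and not WWCU's actual plan. It models the risk components named in the Risk section (asset, threat, existing control, vulnerability, consequence) as a small risk register, scores each entry with an RPN, and applies candidate controls in the hierarchy order given above (security by design, then production and servicing, then information for security) until the residual RPN is at or below an ALARP threshold. Assumptions not stated on the page: RPN is computed as the FMEA product Severity x Occurrence x Detection with each factor scored 1..10, the threshold value 50 is a constructed illustration, and the register entries and controls are constructed sample data.

```python
"""Risk register with RPN scoring and hierarchy-of-controls mitigation.

Added example; not from the original paper or WWCU's plan.
Assumptions (not on the page):
  - RPN = Severity x Occurrence x Detection, each scored 1..10 (FMEA convention).
  - Hierarchy tiers follow the paper's ordering of Rout & Sikdar (2017).
  - ALARP_THRESHOLD = 50 is a constructed illustration, not a standard value.
"""
from dataclasses import dataclass, replace

# Hierarchy of controls, highest priority first (ordering taken from the paper).
CONTROL_HIERARCHY = ("security by design",
                     "production and servicing",
                     "information for security")
ALARP_THRESHOLD = 50  # constructed: residual RPN at or below this is accepted


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    existing_control: str
    consequence: str   # loss of confidentiality, integrity or availability
    severity: int      # 1..10, impact if the risk materializes
    occurrence: int    # 1..10, likelihood of occurrence
    detection: int     # 1..10, higher means harder to detect before impact

    def rpn(self) -> int:
        """FMEA Risk Priority Number (assumed formula, see module docstring)."""
        for score in (self.severity, self.occurrence, self.detection):
            if not 1 <= score <= 10:
                raise ValueError("FMEA scores must be in 1..10")
        return self.severity * self.occurrence * self.detection


@dataclass(frozen=True)
class Control:
    name: str
    tier: str                  # one of CONTROL_HIERARCHY
    occurrence_reduction: int  # points subtracted from occurrence
    detection_reduction: int   # points subtracted from detection

    def priority(self) -> int:
        """Lower number = higher place in the hierarchy of controls."""
        return CONTROL_HIERARCHY.index(self.tier)


def apply_control(risk: Risk, control: Control) -> Risk:
    """Residual risk after a control. Severity is unchanged: controls here
    modify likelihood and detectability, not the consequence itself."""
    return replace(risk,
                   occurrence=max(1, risk.occurrence - control.occurrence_reduction),
                   detection=max(1, risk.detection - control.detection_reduction))


def rank_register(risks):
    """Risks ordered from highest to lowest RPN, i.e. treatment priority."""
    return sorted(risks, key=lambda r: r.rpn(), reverse=True)


def select_controls(risk, candidates, threshold=ALARP_THRESHOLD):
    """Apply candidate controls in hierarchy order until the residual RPN is
    at or below the threshold. Returns (residual_risk, applied_control_names)."""
    applied, current = [], risk
    for control in sorted(candidates, key=Control.priority):
        if current.rpn() <= threshold:
            break
        current = apply_control(current, control)
        applied.append(control.name)
    return current, applied


# Constructed sample register (hypothetical assets and scores)
REGISTER = [
    Risk("member database", "external attacker", "unpatched web app",
         "perimeter firewall", "confidentiality", 9, 6, 7),
    Risk("online banking portal", "DDoS", "single ISP link",
         "none", "availability", 7, 4, 2),
    Risk("teller workstations", "phishing", "untrained staff",
         "spam filter", "integrity", 6, 7, 5),
]

# Constructed candidate controls for the database risk, one per hierarchy tier
CANDIDATE_CONTROLS = [
    Control("security awareness training", "information for security", 2, 1),
    Control("input validation in the application", "security by design", 3, 0),
    Control("patch management in production", "production and servicing", 2, 3),
]

if __name__ == "__main__":
    for r in rank_register(REGISTER):
        print(f"{r.rpn():4d}  {r.asset} / {r.threat} / {r.consequence}")
    residual, applied = select_controls(REGISTER[0], CANDIDATE_CONTROLS)
    print("applied:", applied, "residual RPN:", residual.rpn())
```

Running the script ranks the register (database 378, teller workstations 210, portal 56) and shows that the database risk reaches the threshold after the first two tiers, so the lowest-tier control (training) is not needed for it; that ordering is the point of the hierarchy described in the paper.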
Legal Compliance
The proposal exhibits a praiseworthy effort to tackle pertinent legal restrictions
concerning cybersecurity adherence. It complies with both national and international legal
frameworks. Compliance with laws and guidelines, including ISO 31000:2018 and ISO/IEC
27005:2018, is included in the strategy. It guarantees that the company stays under the law