Abstract
The hypergrowth of computing and communications technologies increases security vulnerabilities to organizations. The lack of resources training, the complexity of new technologies, and the slow legislation process to deter the breach of security all constitute to the trends of increasing security risk in an enterprise. Traditional approaches to risk assessment focusing on either the departmental or branch level lacks of an enterprise perspective. Many organizations assess and mitigate security risks from a technology perspective and deploy technology solutions. This approach ignores the importance of assessing security risk in policy and execution. This chapter discusses a systematic and holistic approach to managing security risk. An approach that utilizes the information life cycle and information assurance (IA) assessment points for the creation of policy, monitoring, auditing of security performance, regulate, and initiate corrective action to minimize vulnerabilities. An “information life cycle” is being proposed with its stage value and the underlying security operatives (gate-points) to protect the information. An information assurance framework and its functions to audit the information security implemented in an enterprise are proposed. Organization must assess the value and the business impact of the information, so that optimal and effective security system and security assurance can be designed.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
