Personal Assignment 3 - IT Security and Risk Management


Personal Assignment 3

1. What are the purposes of studying IT Risk Management, and what is its relation to
contingency planning?
2. Please explain what Identify Risk, Control Risk, and Assessment Risk are.
3. What are the four basic strategies used to control risk? Define each.
4. What four teams may be subordinate to the Contingency Planning Management
Team?
5. What are the three communities of interest, and why are they important to
contingency planning?

<<Kd Course>> - IT Security and Risk Management


1. The purpose of risk management is to identify potential problems before they
occur, or, in the case of opportunities, to try to leverage them to cause them to
occur. Risk-handling activities may be invoked throughout the life of the project.
The risk mitigation plan for a given risk includes techniques and methods used to
avoid, reduce, and control the probability of occurrence of the risk, the extent of
damage incurred should the risk occur (sometimes called a “contingency plan”),
or both.

2. Identify Risk, Control Risk, and Assessment Risk.

- Identify Risk
This is the process of examining each work area and work task for the
purpose of identifying all the risks which are "inherent in the job". This
process is about finding what could cause harm in a work task or area.
- Control Risk
Taking actions to eliminate health and safety risks so far as is reasonably
practicable. Where risks cannot be eliminated, the implementation of
control measures is required to minimise risks so far as is reasonably
practicable. A hierarchy of controls has been developed and is described
below to assist in the selection of the most appropriate risk control measure(s).
- Assessment Risk
This is defined as the process of assessing the risks associated with each of the
hazards identified so that the nature of the risk can be understood. This
includes the nature of the harm that may result from the hazard, the
severity of that harm and the likelihood of it occurring.

3. Four basic strategies are used to control the risks that result from vulnerabilities:
- Avoidance
Avoidance attempts to prevent the exploitation of the vulnerability. This is
the preferred approach, as it seeks to avoid risk in its entirety rather than
dealing with it after it has been realized. It is accomplished through countering
threats, removing vulnerabilities in assets, limiting access to assets, and/or
adding protective safeguards.
- Transference
Transference is the control approach that attempts to shift the risk to other
assets, other processes, or other organizations. If an organization does not
already have quality security management and administration experience,
it should hire individuals or firms that provide such expertise. This allows
the organization to transfer the risk associated with the management of
these complex systems to another organization with established experience
in dealing with those risks.
- Mitigation
Mitigation attempts to reduce the impact of exploitation through planning
and preparation. The most common of the mitigation procedures is the
disaster recovery plan, or DRP. The actions to take while the incident is in
progress are defined in the incident response plan, or IRP. Longer-term issues
are handled in the business continuity plan, or BCP.
- Acceptance
Acceptance of risk is doing nothing to close a vulnerability and accepting
the outcome of its exploitation. Risk appetite describes the degree to which
an organization is willing to accept risk as a trade-off against the expense of
applying controls.
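The assessment step in answer 2 (nature of harm, severity, likelihood) and the choice between the four strategies in answer 3 can be worked through on a small risk register. The following Python is an added illustration, not part of the assignment; it assumes a likelihood x severity score on two 1..5 scales, an organization's risk appetite as a threshold on that score, and a simple decision rule (accept when within appetite, otherwise prefer avoidance when the vulnerability can be removed, transference when the risk can be shifted to a third party, and mitigation otherwise). The register rows are constructed sample data.

```python
"""Risk register scoring and control-strategy selection (added illustration).

Assumed model, not from the assignment: risk score = likelihood x severity on
two ordinal 1..5 scales; a risk within the organization's risk appetite is
accepted, and otherwise the decision rule in recommend() picks avoidance,
transference or mitigation from what is known about the vulnerability.
"""
from dataclasses import dataclass

# Ordinal scales (assumed); any monotone 1..5 scale works the same way.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
SEVERITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}


@dataclass(frozen=True)
class Risk:
    asset: str          # what could be harmed
    hazard: str         # what could cause the harm (the "identify" step)
    likelihood: str     # key into LIKELIHOOD
    severity: str       # key into SEVERITY
    removable: bool     # can the vulnerability itself be removed (patch, disable, restrict access)?
    transferable: bool  # can the risk be shifted to a third party (outsourcing, insurance)?


def score(risk: Risk) -> int:
    """Assessment step: collapse likelihood and severity into one number (1..25)."""
    return LIKELIHOOD[risk.likelihood] * SEVERITY[risk.severity]


def recommend(risk: Risk, appetite: int) -> str:
    """Map an assessed risk onto one of the four control strategies.

    Decision rule (an assumption for illustration):
      score <= appetite        -> acceptance (controls cost more than they save)
      vulnerability removable  -> avoidance (preferred: prevent exploitation)
      transferable             -> transference
      otherwise                -> mitigation (IRP/DRP/BCP reduce the impact)
    """
    if score(risk) <= appetite:
        return "acceptance"
    if risk.removable:
        return "avoidance"
    if risk.transferable:
        return "transference"
    return "mitigation"


def build_register(risks, appetite):
    """Return (asset, hazard, score, strategy) rows, highest score first."""
    rows = [(r.asset, r.hazard, score(r), recommend(r, appetite)) for r in risks]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register (not from the assignment).
SAMPLE_RISKS = [
    Risk("payroll server", "unpatched remote code execution", "likely", "major", True, False),
    Risk("customer database", "ransomware via phishing", "possible", "catastrophic", False, True),
    Risk("data centre", "regional flood", "unlikely", "catastrophic", False, False),
    Risk("office printer", "paper jam", "almost certain", "negligible", False, False),
]
RISK_APPETITE = 6  # assumed threshold on the 1..25 scale

if __name__ == "__main__":
    for asset, hazard, s, strategy in build_register(SAMPLE_RISKS, RISK_APPETITE):
        print(f"{s:>2}  {strategy:<12} {asset}: {hazard}")
```

Running it prints the register in descending order of score: the patchable server (16) gets avoidance, the database (15) gets transference, the flood (10) gets mitigation through a DRP/BCP, and the printer (5) falls within appetite and is accepted. Changing `RISK_APPETITE` shows how the appetite alone moves items between acceptance and the other three strategies.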

4. Four teams of individuals are involved in contingency planning and contingency
operations:
- The CP team
- The incident recovery (IR) team
- The disaster recovery (DR) team
- The business continuity plan (BC) team

5. Contingency Planning Team

- Champion: The CP project must have a high-level manager to support,
promote, and endorse the findings of the project.
- Project Manager: A champion provides the strategic vision and the
linkage to the power structure of the organization.
- Team members: The team members for this project should be the
managers or their representatives from the various communities of interest:
business, information technology, and information security.