Risk Management Quantitative Model of Business

Question: Describe about the Risk Management for Quantitative Model of Business. Answer: Topic1: Information Security Basics The paper highlights the basics of information security for finding its key characteristics and differentiating the information security management with the help of the general business management. Security funding and planning procedure helps in differentiating three different decision makers, which includes community of information security, community related with information technology and general business.[1] Security is achieved with the help of various strategies that is undertaken and used in combination with one another. The role of the management is to ensure that the strategy must be planned, directed, and controlled in the organization. The paper describes the various threats with proper example and description. The privacy of information is very much required within the organization for collecting and selling different types of information. It is analyzed in this paper that it is very much important to have an information system which can be easily recognized by different individual users. The main principles of information security management system includes policy, different types of planning and programs, it also includes different types of projects, people and protection.[2] The paper highlights that policy and programs are very much required in the organization for setting the organizational guidelines that helps in dictating certain specific behavior within the organization. The general policies include enterprise policy which is related with the information system, security related policy and system specific policies. It is analyzed that people and projects are the most important link in the InfoSec programs and the processes which are undertaken by the InfoSec includes project management. Topic2: Information Security Planning The paper highlights the fact that security is one of the outmost important for identifying different roles and principal components of information security for implementing various planning process for the organization. The roles are planned by involving various interrelated processes and groups of organization. [3]The main factors that affects the method of planning includes physical, political, technological and competitive environment. Strategic and input decisions are taken by the stakeholders of the organization for planning different processes. It is analyzed in this paper that value statement is one of the most important position that a management system of an organization must articulate. Strategic planning is one of the processes that guide different organizational efforts and thus it helps in focusing on different resources. The paper discusses various types of planning which mainly includes tactical planning and operational planning. [4]The tactical planning has more short term focus as compared to strategic planning. The component that includes tactical planning includes budgeting and resource allocation. Operational planning is used by the managers and employees of the organization in order to organize various day to day tasks. In the analysis phase of the research the team studies different types of documents for investigating various types of legal issues and it also in providing solutions. The paper discusses various types of threats which are presented with proper description and examples. The analysis of SecSDLC analyses various types of thefts, vulnerability and exploitation. The paper also describes implementation and design of SecSDLC that includes various roles which includes data owner, data users and many more. Topic3: Information Security Planning and Program The assignment highlights the information security planning and program. It is reflected in this paper that security policy is a written instruction for informing employees their behavior according to the use of information assets. [5]The security policy is mainly designed in order to provide structures that will be helpful in explaining the will of the organization. The paper explains the guidelines that are necessary for creating the IT and InfoSec policy. Bulls eye model is used for providing a mechanism for prioritization by emphasizing the different roles that are required for an information security planning. [6]The model of bulls eye contains four layers which include networks, systems, policies and application. The paper discusses the need of information system security in different enterprises. There are many challenges or issues that are related with specific security policy. The issue specific security policy helps in providing detailed ad targeted guidance in order to instruct every employee of the organization. The paper explains various access controls for accessing the storage and network communication devices of the organization. the configurationally rules helps in instructing odes that helps in guiding the execution of the system while information passes through it. There are many security based systems which require configuration scripts in order to dictate the functions that are required to be performed. References Anton, Nicolae and AniÈâ„ ¢or Nedelcu, "Security Information And Risk Management Assessment" (2015) 809-810AMM Bernardo, Danilo Valeros, "Security Risk Assessment: Toward A Comprehensive Practical Risk Management" (2012) 5IJICS Bojanc, Rok and Borka Jerman-BlaÃ…Â ¾iÄ , "A Quantitative Model For Information-Security Risk Management" (2013) 25Engineering Management Journal El Hadi, Mohamed M., "Assessing Information Security Risk Management In Organizations" (2014) 13Compunet ( The Egyptian Information Journal ) Michael, Katina, "Security Risk Management: Building An Information Security Risk Management Program From The Ground Up" (2012) 31Computers Security Webb, Jeb et al, "A Situation Awareness Model For Information Security Risk Management" (2014) 44Computers Security