Connecting, collaborating and knowledge share continues advancing. With the proliferation of technology and advances in telecommunication risk is ever present and security vulnerabilities increases proportionally - intrusion, invasions, attacks... have become a reality. ISO/IEC 27002 / 17799:2005 provides fundamentals for a management  system in controlling and improving issues relating to information security risks. A management scheme integral to organizations security strategy for protecting information in support of the business objectives, and assessment of risk has become an integral business activity, ISMS. Risk Assessment must consider risk and applying economically viable best available technology and managerial best principles. Security is a task that needs continual updating, and ISO/IEC 17799 provides and assist through a fundamental and robust, yet agile, managerial scheme... ISO/IEC 27001:2005 - Specification for Information Security management System. . Within the Firewalls... and system pipelines... visit our Advanced Technology Portal

Note: ISO/IEC 15408 is the international information technology security evaluation criteria standard. The Common Criteria (CC) ISO/IEC 15408 is implemented in the USA by the National Information Assurance Partnership (NIAP).

ISO/IEC 27001 2005 specifies the requirements for operating, monitoring, reviewing, maintaining and improving an explicit Information Security Management System based on ISO/IEC 27002. ISO/IEC 27001 comes to replace BS 7799-2. 

Management systems extend their scope to include implementation of system security measurements involving the availability of feasible and proportionate (to the risk) resources, management commitment, and collaborators within firewalls and other related boundaries.

Herein, we provide the initial information for assessment of risk through a viable process.

Basic fundamentals of information security includes risk assessment and thereon advance in applying technologies, methods, et all for reduction of risk. Includes Planning and preparation for worst case scenario. The assessment of risk process, as ISO/IEC 17999 | ISO/IEC 27001 requires, involves:

  1. In collaboration with software developers of the products used within your platform identify security factors that will successfully support the business objectives;
  2. Modeling, identify, evaluate, and implement risk management practices;
  3. Identify or develop security scalable tools for accomplishing robust yet agile risk assessment practices;
  4. Integrate and communicate beneficial increased risk management practices.

"Risk Management" provides management with data and information to understand the factors involving risk, weaknesses, and vulnerabilities of a system-network platform. The information resulting from risk assessment provides (economically feasible) best alternative to prevent and mitigate security breach events-episodes (including worst case scenario).

The protocol for risk management requires to identify, evaluate, and taking action. An effective RA result in providing the following:

  1. Initially identify all existent and potential factors affecting the assets of the enterprise through its networking capabilities;
  2. Qualify the risks identified;
  3. Value the risk based on the potential encounter or probability of occurrence;
  4. Establish a criteria for objectively valuing the risk;
  5. Assign an internal scheme for action on the basis of magnitude to the potential encountering risks. Includes compiling data, convert to information, assisting metrics of potential loss, or damaging assets;
  6. Propitiate the vehicles to integrate into the existent management system measurements to preclude/prevent, reduce, or mitigate risks;
  7. Through documentation practices, applying contemporary technology review and approve practices, and methods in the light of existent and future risks.

The market provides a wealth of information in facing threat and needed security in protection of intellectual assets. ISO/IEC 27002 (and to consider AS/NZS 4360) provide guidelines for implementation and advancement in system security through systematization. Further, organizations may elect for a 3rd Party to verify practices and methods and subsequent surveillance.

Other components, after management protocols for security have been implemented include, but not limited to: Implementation of managerial practices for network security management; Integrate to existent management system; Communicate and promote security practices and awareness within the network collaborators.

Can assist organizations advancing to the implementation of fundamental managerial practices and methods, a measurable management system:   

  1. Top management commitment;
  2. Assigned resources to concert the security efforts;
  3. Identify and implement documented processes. Includes; Identifying threats and probability of occurrence; Identify and qualify severity; What is the  damage in cost?
  4. Participation of various disciplines, internal and external to the organization;
  5. The practice of risk assessment its an ongoing effort;
  6. maintain information accessible and update dynamically within the boundaries of the network;
  7. Management is accountable of decision making (may be sectorial but in concert within the boundaries of the enterprise).

What benefits can an enterprise expect?

    Identification and development of a process for:

    • Prevention
    • Corrective Action
    • Mitigation
    • Disaster Recovery

Assisting in the organization / enterprise objectives toward reduction of risk and thus facilitating competitiveness.

Note: For ISMS ISO/IEC 27002 | ISO/IEC 27001 based it is best through an International Registration Body.

 

 

Risk Assessment and Action Within the Back to Home Portal...