Monday, August 12, 2019

Computer security and risk management Essay Example | Topics and Well Written Essays - 2750 words

This paper presents a Risk Management methodology for a multinational pharmaceutical company in the Midlands, pertaining to protection of the information assets and the corresponding business assets of the organization against the known threats to the organization.

Introduction: Risk Management is an intelligent mix of qualitative and quantitative analysis. The qualitative analysis procedure essentially requires the establishment of a structured and logical assessment framework in which metrics are assigned to every parameter being assessed. The analysis against the metric levels needs to be quantitative, based on past experience (available data), industry experience (case studies), advice from consultants and internal brainstorming. Every level needs thorough justification, so that serious risks do not go unnoticed and minor risks are not projected to management as serious simply because they are more talked about in the organization. In this paper a systematic Risk Management procedure is presented in detail and applied to the case study. The workflow of risk management has been arrived at after a study of the National Institute of Standards and Technology, the BS ISO/IEC 27001:2005 standard and the ISO/IEC 17799:2005 code of best practices. These approaches recommend that asset values are calculated based on Confidentiality (C), Integrity (I) and Availability (A). Thereafter, a comprehensive list of threats to the business is drawn up so that the overall threat value, probability value, vulnerability value and risk value can be calculated for each asset (Olzak, Tom, 2008).

Risk Assessment Process: The Risk Management Process proposed in this case study has been presented in the figure below (Figure 1). This methodology requires that all the assets are first collated and their characterization is done in terms
