Report

Date Submitted: 02/17/2013 08:21 PM

By Earl Willis

Introduction to Security

Instructor Michael A. Cianciotta

Devry University

Organizations generally hold vast data stores that usually comprise sensitive client information, ranging from confidential personal data to crucial financial information. Such information must be safeguarded from access by unauthorized individuals so that client information is not compromised or used for illegal purposes. There are several methods of safeguarding client information, and many organizations have implemented some of the best security measures. However, where vulnerabilities remain, organizations can still fall victim to security breaches that may compromise the trust of loyal customers (The Control Professionals, 2008). In the first breach, the company’s client credit-card information was compromised due to the presence of a vulnerable wireless connection within the organization. The other breach was an inside job in which personal data was stolen from the organization due to weak access-control policies. As the newly hired Information Security Engineer, I intend to develop a risk-management policy to address the two security breaches and provide a plan for mitigating the risks.

Risk can be defined as the combination of events that are harmful to the desired state of affairs of an entity, while management is the intentional process of controlling the movement or behavior of something (Ashford, 2010). Risk management can be described as the overall process of identifying, controlling, and managing the impact of unexpected harmful events (Schirick, 2012). Therefore, risk management involves determining an organization’s risks and then deciding on the appropriate steps for eliminating them. These processes enable managers to establish an economic balance between the costs linked with potential risks and the costs of establishing preventive measures for such risks (Schirick,...