Description
Attached are the templates that you must download, complete and submit here. Instructions are located in the templates. Both the excel file and the word file should be submitted.
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
Kindle find attached answers
Interested in learning more
about cyber security training?
SANS Institute
Info Sec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without
express written permission.
Information Risks & Risk Management
This brief will cover the various exposures that companies now face as they increasingly rely on
twenty-first century technology. It will cover information in all forms and the new perils that put
this information at risk. Classification of data into categories will determine the type and degree
of risk. The types of processes and controls that firms can implement to minimize these risks will
be examined. Within each section, targeted references and tips are provided for further insight.
Finally, the paper will address...
Abstract
This brief will cover the various exposures that companies now face as they increasingly rely on
twenty-first century technology. It will cover information in all forms and the new perils that put
this information at risk. Classification of data into categories will determine the type and degree
of risk. The types of processes and controls that firms can implement to minimize these risks will
be examined. Within each section, targeted references and tips are provided for further insight.
Finally, the paper will address the steps needed to react, respond, and remediate in the event of
an untoward event. As a postscript, the paper will also cover the forms of insurance available to
help alleviate the financial pain often associated with these types of events.
1. Introduction
In a relatively short period of time, data in the business world has moved from
paper files, carbon copies, and filing cabinets to electronic files stored on very powerful
computers. We have gone from securing paper files in a file room within an office, to
securing data on computers accessed on networks and via the Internet—a massive
paradigm shift.
Managing records in electronic form has created a whole new industry, which, in
turn, has created a seemingly quenchless thirst for smaller, faster, and more powerful
technology. The result is a need for tools to manage and secure this electronic
information efficiently and effectively. One could go on, but you get the point.
We have grown accustomed to experiencing change far more quickly than most of
us could ever have imagined. It is, in fact, this twenty-first century business paradigm
that has given rise to Information Risks. Information Risk is the probability that nonpublic
or confidential electronically stored information could be accessed and/or
exploited by unauthorized parties. It probably does not require much concentration to
name a few companies who have been profiled in the news, not for their products or
services, but for their alleged failure to protect non-public or private information in their
care, custody, and control. Security incidents on computer networks and the ramifications
of someone, or something, gaining unauthorized access to sensitive data are the key
elements of Information Risk, a growing problem for businesses in every sector that
utilizes technology.
Information risk, when uttered out loud in a conference room full of risk
managers, can cause the room to go very quiet. Risk Manag...