Governance Of Enterprise IT

You have been hired by a large public university as the lead of IT security. The university has adopted Microsoft technologies for most of the IT applications. The Chief Information Officer has asked you to create a process for IT security risk assessment reviews for all IT purchases. Respond to the following questions:
  • What are some key activities that managers need to be mindful of when creating a risk assessment policy?
  • How would you start a ground-up risk assessment process? Who should be involved?
  • What will you need to review all applications purchased for IT?

Sample Solution

Key activities that managers need to be mindful of when creating a risk assessment policy include the following:
  • Identify the assets that need to be protected. This includes both physical assets, such as computers and servers, and data assets, such as student records and financial information.
  • Assess the threats and vulnerabilities that these assets face. This includes both internal threats, such as employee negligence, and external threats, such as cyberattacks.
  • Determine the likelihood and impact of each threat. This will help to prioritize the risks and focus resources on the most critical areas.
  • Develop controls to mitigate the risks. This could include things like implementing security policies and procedures, using security software, and training employees on security best practices.
  • Monitor and update the risk assessment on an ongoing basis. This is important to ensure that the risks are being managed effectively and that new risks are being identified.
Here are the steps to start a ground-up risk assessment process:
  1. Establish a risk assessment team. This team should include representatives from all areas of the organization, including IT, finance, and legal.
  2. Define the scope of the risk assessment. This will include identifying the assets that need to be protected, the threats and vulnerabilities that these assets face, and the likelihood and impact of each threat.
  3. Gather information about the risks. This could include things like reviewing security policies and procedures, conducting interviews with employees, and scanning for vulnerabilities.
  4. Assess the risks. This will involve using a risk assessment methodology to determine the likelihood and impact of each threat.
  5. Develop risk mitigation strategies. This will involve implementing controls to reduce the likelihood and impact of each threat.
  6. Document the risk assessment findings. This will help to track the progress of the risk assessment and to ensure that the risks are being managed effectively.
The following people should be involved in the risk assessment process:
  • IT security manager
  • IT risk manager
  • Business unit managers
  • System owners
  • Security analysts
  • Compliance officers
  • Legal counsel
The following things will need to be reviewed for all applications purchased for IT:
  • The application's security features
  • The application's vendor's security track record
  • The application's compliance with security standards
  • The application's impact on the university's IT infrastructure
  • The application's cost
By following these steps, you can create a comprehensive risk assessment process that will help to protect the university's IT assets.