Information Security audit and risk Assessment

TOP CATEGORIES

BUSINESS NEWS

Information Security audit and risk Assessment

Date Added: November 30, 2009 11:04:36 AM

Category: Business Services: Virtual Assistant

Information security

Security is a necessity. It is imperative in case of information storing and protection. Protecting information, its privacy, integrity and availability, is precisely known as information security. Today, various companies store highly confidential data and private information on their computer systems.

Most companies are information-based and store the same on their computers. Data, like bank details, employee salary, personal staff details, so on and so forth, are stored on the machines. Firewalls are not sufficient to protect information from hackers.

One of the major threats to information security is the employees who use the computer systems. Security, in this case, can easily be compromised, in lieu of a hefty sum of money. Simple change in password and use of tough combinations makes it difficult for hackers to access private information.

Information security audit and risk assessment

Security risk assessment is performed at the initial stage to identify and implement security measures as per requirement.

Information security audit is a process of regular scrutiny to ensure proper implementation and functioning of security measures.

The first step to assess information security risk is to identify and evaluate the consequences associated with susceptibility followed by the implementation of a cost-effective program for security. This entire process consists of structuring security guidelines and policies as well as assigning responsibility of security and employing protections for technical security. This is again followed by cyclic reviews of compliance, along with upgradation in tandem with rapid enhancement of technology. The following points are also necessary for information security.

Implementation of proper security measures

Promoting awareness of security to cultivate employee commitment

Providing employee training for security skills

Maintaining security incident reporting and handling procedure

Monitoring the security practices regularly

Holding intermittent security audits

Process of audit and risk assessment:

The systematic process of risk assessment has been elucidated below:

Assessing assets and processes associated with the system

Determining potential threats to integrity, confidentiality and availability of the computer system

Assessing the vulnerabilities of the system

Analyzing potential risks and consequences from threat activity

Determining the protection requirements for risk control

Selecting and implementing appropriate security procedures

Interviewing the admin, network operators and users who may provide further information

The process of information security audit is given below:

Obtaining checklists for inventory and auditing that covers network architecture, web application, and wireless network among others

Reviewing in order to figure out loopholes in security measures

Implementation of technical support for proper functioning of audit system

Preparing a status report to emphasize on conformance and gaps between implementation of security measures and security policies

Protecting information

Once your information audit is complete, protecting the audit data and tools become imperative. You cannot keep it online. The best possible way to handle the situation is by encrypting data and storing it in a secondary media storage device. The physical documentation must be obtained directly from the unauthorized users.

Maintain audit tools through regular monitoring. Eliminate these tools from the operational and developmental systems after use.

Source:http://www.ltechindia.com

Bookmark this Article: