Running Head: Assessment of Risk
Assessment of Risk
Timothy Davis
IS3350
The purpose of this policy to create a set of guidelines and best practices in order to protect not only the organizations assets, but it's employees as well. Although this company has not aired a commercial in over 50 years, the organization is a very visible target for criminals, hackers and fraudulent persons. Due to this continuing and evolve threat, measures need to be taken to provide protection to the information and data these persons may attempt to acquire.
According to the 2015 Verizon Data Breach Investigations Report (DBIR), 70% of incidents are financially driven. There is a growing “black market” for the selling, trading and buying of others' personal data. As this organization handles thousands of person’s personal data every day, we will continue to be a potential target. The consequences of such a data breach go beyond the fines and audits the organization can face, but it would also cost the company the loss of our customers' confidence and possibly damage the organizations' reputation.
To assist in combating this growing threat, the company’s risk management process should be reviewed once a year. This process should include a quarterly risk assessment performed to help identify any new threats and vulnerabilities to the organization. A quarterly risk response review should be performed, allowing the company to update any policies and controls necessary. Annual and/or semi-annual training for all employees on known threats and vulnerabilities. This will allow the company to maximize its efforts in reducing the risks it faces. Finally, a continuous monitoring plan of the company’s controls and polices should be made. This plan will include controls both physical and digital, polices covering not only employee activities and duties but IT systems as well, and outline the monitoring of the organization’s network to include both inbound and...