Table of Content
Page
Introduction 2
Security Management 4
Threats to IS 8
Countermeasures 10
Conclusion 16
References 17
Risk Analysis: Way to cope up with Information Security Threats
Introduction
Around thirty years ago, IT was at its first stage of development and it was quickly given so much interest that today, it is a very essential part of our daily life and it is also the nervous system of every organization. It would really cause a paralysis to organizations if it turns out those opportunities for unauthorized access to information systems gains gravity from the growth of organizational business internet-working through e-commerce applications. It has become a major worry for organizations and the question is about how risk analysis help to protect organizations. The objective of risk analysis is intended to eradicate or at least reduce the risks and weaknesses that cause an effect on the general operation of organizational computer systems. Hardware and software are the only implications in risk analysis but overviews areas into physical security, human security and business and disaster protection. Among the major problems involved in the usage of risk analysis are the time spent to complete a review, the costing of consultancy or staff development. To counter these negative facets, baseline security standards were created. These standards offer a kind of substitute to conventional risk analysis methods as they minimally imply acceptable security countermeasures that every organization may easily put into practice. These methods are very easy to use, they are cheap and basically no training is essential for their usage. They are also quicker than going through a full security review.
Of course no system is perfect. Few advantages come up with few disadvantages. The generic nature of baseline security means that they may not solve all the organizational security...