Evan Anderson
IS4550
Security Policies and Implementation
Unit 7 (July 29, 2016)
Risk Management
Learning Objective
- Describe the different ISS policies associated with risk management.
Key Concepts
- Business risks related to information systems
- Risks associated with the selected business model
- Policies specific to risk assessment, business impact analysis (BIA), and business continuity plans (BCPs)
- Policies connected with disaster recovery plans (DRPs)
- Differences between public and private examples of risk management policies
Reading
- Johnson and Merkow, Chapter 11: Data Classification and Handling Policies and Risk Management Policies.
- NIST: Special Publication 800-171
- SC Magazine: Fear of Hacking Survey
- Vormetric: Fear of Hacking Survey Press Release
Keywords
- Business Risks
- Business Impact Analysis (BIA)
- Risk Assessment
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Risk Management
- Recovery Time Objectives (RTO)
Assignments and Study Materials
- Unit 7 Lecture Slides
- Unit 7 In-Class Discussion: Fear of Hacking Survey
- Unit 7 Lab: Create draft security policies for three additional security requirements identified below in NIST Special Publication 800-171:
  - Incident Response (Requirement 3.6)
  - Risk Assessment (Requirement 3.11)
  - Security Assessment (Requirement 3.12)
- Unit 7 Assignment 7.3: Risk Management in a Business Model