Question

write a Security Plan Proposal as a project draft document

create a fictitious company and Briefly provide an overview/description of your fictitious company.

Identify and discuss the importance of risk assessment to the organization’s security framework? Discuss the five layers of risk.

Answer 1

Consider a company that works with different types of clients all across the world and offers the software as per their needs.

Importance of risk assessment to the security framework of the organization:

• Risk assessment helps in identifying the security threats to the business of an organization in advance and helps in preventing it from occurring.
• Finding the weaknesses of the system helps in taking precautionary measures and prevents the breakdown of the system.
• Risk assessment helps in keeping the data safe and prevents it from losing. Risk assessment measures also increase awareness about the potential threats of the system and safeguard the data.
• Sometimes employee habits, actions, and negligences can cause a threat to security inside the organization, awareness about the problems can help prevent those actions in the first place.
• Different systems of the organization may require different ways of securing the system. Risk assessment helps in identifying potential and effective ways to secure these different systems.

Five layers of risk are as follows:

Layer 1:

• The first layer of the risk is associated with external risks.
• In most cases, these types of risks are dangerous to the business as they can shut down the business.
• Examples are natural disasters, hurricanes, flooding, etc.
• They affect the organization as well as the customers.

Layer 2:

• The risk associated with this layer are risks of the facilities.
• Facilities such as medical emergencies, electrical power, telephone wires, etc. are great utilities but their damage is also risky for the organization's business.

Layer 3:

• These risks are related to data systems.
• Different computers in the organization share different types of information along with performing various activities.
• Data loss can cause legal problems in the organization.
• Data systems should have their own level of security measures to keep the data of the company intact.

Layer 4:

• These are departmental risks.
• Every department of the company performs critical operations.
• It is important for the organization to have all the departmental goals met.
• Each department makes use of its own programs as well as tools to perform the tasks evenly.
• The security risk to these programs as well as tools can cause overall performance degradation.

Layer 5:

• This layer involves the System desk area.
• These types of risks are related to tasks and jobs performed on the system and on the desk.
• Keeping important documents on the desk, writing passwords, leaving the system logged in, etc. can expose a lot of sensitive data about the company.