nfpa1600.pdf | |
File Size: | 968 kb |
File Type: |
buisness_continuity_guidlines.pdf | |
File Size: | 731 kb |
File Type: |
general_security_risk_assesment_guidlines.pdf | |
File Size: | 425 kb |
File Type: |
My reflection on meeting this outcome:
Risk Management
Operation risk management (ORM) is the ability to determine if something you are doing or are going to do is too risky to do; this can be applied to all aspects of your business. Asset protection or measurable metrics, risk can be applied in evaluating what needs to be accomplished. Asset protection can include personal, information and property. Though each very important you must decide which can pose the greatest risk to your facility or company. Personal for example, key employees can be the difference in a company from succeeding or failing. Steve jobs for example is something would have happened to him early on in his career we may have had pear computers instead of apple. Assets which if not one of a kind can be replaced, information on the other hand can do more damage if not properly secured. Proper training and awareness can reduce your risk by 50%. “Research shows that organizations with well-understood security policies suffer fewer breaches, and companies with an ongoing security awareness program suffer 50 percent less breaches” (Ferrara, 2013).
Risk mitigation is key to the success of any company; it allows you to create policies, regulations and standards. Though risk is in everything we do, at times it’s up to you to get the right information so that others (management, supervisors) can make an educated decision whether to accept certain risk or allow it.
Risk Intelligence
Risk intelligence is similar to business continuity but takes intelligence into consideration. A business continutity is a plan set in place in case of emergency. Natural, man made or something more malicious like an insider threat or corporate espionage. A business continuity plan explains who, what, when, why and how thing are going to be handled. Unfortunately for business continuity plans are almost a cookie cutter example on how things will be handled. Risk Intelligence plans takes everything into consideration people, information and property. But it then goes deeper as far as how each component works and is dependent on one another. For example an accounting firm, law firm and marketing firm all have the same vendor as a customer each containing different positions and information that is useful to an adversary. If i need account numbers i am more liekly to find them in an account firm than a law firm. If i am looking for patent information then the law firm is where i will be searching. Risk intelligence takes those assets into consideration when creating an effective assessment.
My Future Learning Goals related to this Outcome:
Theres risk in everything we do, from mowing the lawn to going out for the night. Most people don’t see risk in what they do and assume the responsibilities afterwards, which ends up costing them more in the long run. I started this company on the basis of that I want to teach people that crimes can be mitigated utilizing risk mitigating tools. By understanding the threat, you can easily and effectively deter risk and the criminal threat. For example in Sedgwick County there were 62 burglaries in 60 days from March 1st to April 30th. Criminal were breaking into homes two ways, garage doors and back patio doors. So this creates a trend and based off that trend you create countermeasures. Reinforce garage doors and reinforce windows hence eliminating the threat of both burglaries.
I plan on researching Risk Intelligence and enhancing the ability to apply specific threat to specific vulnerabilities which will eliminate unneeded time, resources and manpower. Risk intelligence applies intelligence-based research to a specific target identifying threat and vulnerabilities to that company’s service or product. For example, an accounting firm will have different information than an marketing firm. This is important to the criminal, if they are looking for tax information your not going to find it at the marketing firm, but if you’re looking at some way to take out your competitors advertising slogan then the marketing firm is your target.
Southwesterns College Security Administration degree program has given me the foundation to develop my own ideas, challenge other ideas and show my peers that Physical and Network security need to be a combined element allowing future security professional the ability to be more effective.
I will continue to grow and foster new ideas as the risk and threats changes. Information technology is a double edge sword which is evolving at alarming rates. I will continue to challenge myself and those under me to create and mitigate risk before they can be implemented and become threats.
Risk Management
Operation risk management (ORM) is the ability to determine if something you are doing or are going to do is too risky to do; this can be applied to all aspects of your business. Asset protection or measurable metrics, risk can be applied in evaluating what needs to be accomplished. Asset protection can include personal, information and property. Though each very important you must decide which can pose the greatest risk to your facility or company. Personal for example, key employees can be the difference in a company from succeeding or failing. Steve jobs for example is something would have happened to him early on in his career we may have had pear computers instead of apple. Assets which if not one of a kind can be replaced, information on the other hand can do more damage if not properly secured. Proper training and awareness can reduce your risk by 50%. “Research shows that organizations with well-understood security policies suffer fewer breaches, and companies with an ongoing security awareness program suffer 50 percent less breaches” (Ferrara, 2013).
Risk mitigation is key to the success of any company; it allows you to create policies, regulations and standards. Though risk is in everything we do, at times it’s up to you to get the right information so that others (management, supervisors) can make an educated decision whether to accept certain risk or allow it.
Risk Intelligence
Risk intelligence is similar to business continuity but takes intelligence into consideration. A business continutity is a plan set in place in case of emergency. Natural, man made or something more malicious like an insider threat or corporate espionage. A business continuity plan explains who, what, when, why and how thing are going to be handled. Unfortunately for business continuity plans are almost a cookie cutter example on how things will be handled. Risk Intelligence plans takes everything into consideration people, information and property. But it then goes deeper as far as how each component works and is dependent on one another. For example an accounting firm, law firm and marketing firm all have the same vendor as a customer each containing different positions and information that is useful to an adversary. If i need account numbers i am more liekly to find them in an account firm than a law firm. If i am looking for patent information then the law firm is where i will be searching. Risk intelligence takes those assets into consideration when creating an effective assessment.
My Future Learning Goals related to this Outcome:
Theres risk in everything we do, from mowing the lawn to going out for the night. Most people don’t see risk in what they do and assume the responsibilities afterwards, which ends up costing them more in the long run. I started this company on the basis of that I want to teach people that crimes can be mitigated utilizing risk mitigating tools. By understanding the threat, you can easily and effectively deter risk and the criminal threat. For example in Sedgwick County there were 62 burglaries in 60 days from March 1st to April 30th. Criminal were breaking into homes two ways, garage doors and back patio doors. So this creates a trend and based off that trend you create countermeasures. Reinforce garage doors and reinforce windows hence eliminating the threat of both burglaries.
I plan on researching Risk Intelligence and enhancing the ability to apply specific threat to specific vulnerabilities which will eliminate unneeded time, resources and manpower. Risk intelligence applies intelligence-based research to a specific target identifying threat and vulnerabilities to that company’s service or product. For example, an accounting firm will have different information than an marketing firm. This is important to the criminal, if they are looking for tax information your not going to find it at the marketing firm, but if you’re looking at some way to take out your competitors advertising slogan then the marketing firm is your target.
Southwesterns College Security Administration degree program has given me the foundation to develop my own ideas, challenge other ideas and show my peers that Physical and Network security need to be a combined element allowing future security professional the ability to be more effective.
I will continue to grow and foster new ideas as the risk and threats changes. Information technology is a double edge sword which is evolving at alarming rates. I will continue to challenge myself and those under me to create and mitigate risk before they can be implemented and become threats.
works_cited.docx | |
File Size: | 15 kb |
File Type: | docx |