The ISRA methodology is used by a system designer, manager, or security analyst to identify security concerns, develop an action plan, analyze costs, and assign responsibilities. The process allows a facilitator to perform a subjective risk assessment on a particular system, application, or other corporate assets. The ISRA involves the system users from the very… Continue reading Information Security Risk Analysis (ISRA)
Tag: MSISA
Employment Policies and Information Security Program
The security of any solution is as good as the weakest link. Most of the time humans who interact with the solution is the weakest link. Regardless of the security controls applied in the solution, be it physical or logical, people always try to find a way to avoid, circumvent, subvert or disable them. Humans… Continue reading Employment Policies and Information Security Program
Applying Awareness and Ethics
A successful implementation of an information security program requires a well-planned security awareness and training program that addresses policies, standards, and procedures. (Peltier & Peltier, 2004) The awareness and training program should encourage employees to make the right decision among alternatives in a manner consistent with ethical principles. (Josephson Institute of Ethics, 2016) This paper… Continue reading Applying Awareness and Ethics
Network in Small Businesses
Small cloud businesses are startup companies that rely on Infrastructure-as-a-Service (IaaS) providers for hosting their cloud applications. They could be Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) providers for their customers. While relying on the network controls of the IaaS for their applications, small cloud businesses must maintain their own network for business operations and software development.… Continue reading Network in Small Businesses
Best of Breed or Best Suite of Products
Should organizations implement layered defenses from different vendors? Should we rely upon a single vendor for an organization’s overall security? According to a Gartner research paper, “Two firewall platforms are not better than one. We believe there is a higher risk associated with configuring and managing firewalls from multiple vendors than from a single vendor.… Continue reading Best of Breed or Best Suite of Products