Question

Project 13.3: Assessing Risk Management According to the FFIEC Information Security InfoBase Handbook ( Appendix A...

Project 13.3: Assessing Risk Management

According to the FFIEC Information Security InfoBase Handbook (Appendix A), the initial step in a regulatory Information Technology Examination is to interview management and review examination information to identify changes to the technology infrastructure, new products and services, or organizational structure.

1. Explain how changes in network topology, system configuration, or business processes might increase the institution’s information security–related risk. Provide examples.

2. Explain how new products or services delivered to either internal or external users might increase the institution’s information security–related risk. Provide examples.

3. Explain how loss or addition of key personnel, key management changes, or internal reorganizations might increase the institution’s information security–related risk. Provide examples.

Answer #1

1. Changes in network topology or system configuration might bring security-related challenges. For example, adopting a new system configuration which is low in cost but also very new in the industry might be vulnerable to the existing security.

2. New products or services which are delivered to either the internal or external users might be prone to security issues.

Let's say a product 'A' has been launched by a company 'X' and, for testing purposes, it has been given to the internal users. Now, as this product 'A' is a product of 'X' itself, it will be allowed to be carried into the official premises, and if some user tries to hack this product, they can make the product potentially harmful w.r.t. security.

3. Consider a scenario where there is a change in management and team: the team members who were thoroughly responsible for security kinds of stuff are dissolved into different teams. Also, new members are hired for the team. Now, since the new members will need some time to get adapted to the business-as-usual things, there is a high chance of the security level not being maintained as it was earlier by the old guys. This could be due to undocumented things in the organization or due to a lack of knowledge transfer to the new joinees.
