Friday, November 1, 2019
Principles of Information Security Essay Example | Topics and Well Written Essays - 2500 words
Risk treatment is the proportionate provision of controls. It can mitigate or eliminate the risks of the organization's operations according to suitable options. The main goal of risk treatment is to reduce risk to an acceptable level in a cost-effective manner. While treating risk, we have to take into account a few things, such as the selected controls, regulations, legislation, organizational policy, user acceptance, and safety and reliability.

Risk can be addressed in four ways: avoid, transfer, limit and accept. Avoid means eliminating the cause of the risk. Transfer refers to insurance or outsourcing some function to other organizations. Limit means reducing the likelihood or consequences of an event. The last way is to accept, which means one understands the risk and there is no cost-effective solution that can be used, so it is better to live with it.

Once one has the Risk Register tables, one can check from them which threat most affects the Assessment Office's performance. Depending upon the risk, various types of controls can be selected. A security program plan is made when all the controls are identified. In a security plan one addresses a group of controls rather than individual controls. It is not mandatory that every suggestion included in the plan will be implemented by the management, but each can be considered. The various controls that are identified are Identity Card, Backup procedures, Training/Awareness, Strictly Comply ITS Security policies, Physical Protection of Server (CPU), Proper Rechecking, etc.