Question: ISO 13335 recognizes four approaches to identifying and mitigating risks to an organization's IT infrastructure.
i. Explain the need for a range of formal standards that detail suitable IT security risk assessment processes, including ISO 13335, ISO 27005, ISO 31000, and NIST SP 800-30.
ii. Give an example from the ISO 27000 series family and state what it covers.
iii. What are the considerations when an organization decides which approach to follow? (List 3 only)
iv. Which approach should be implemented in each of the following cases? (4 marks)
- Implement a basic general level of security controls on systems using baseline documents, codes of practice, and industry best practice which can be obtained from a range of organizations e.g. CERT and NSA.
- Pragmatic risk analysis for the organization's IT systems which does not involve the use of a formal, structured process, but rather exploits the knowledge and expertise of the individuals performing the analysis.
- Comprehensive approach to conducting an intensive risk assessment of the organization's IT systems, using a formal, structured process that gives a great degree of assurance that all significant risks are identified and their implications considered.
- Provide reasonable levels of protection as quickly as possible, and then examine and adjust the protection controls deployed on key systems over time.