Theoretical Background:

Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:

• Threats to your assets: These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
• Vulnerabilities: How susceptible your assets are to attack
• Impact: The magnitude of the potential loss or the seriousness of the event.

Components of Information Security:

1. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organizations mission/business functions.

2. Risk Mitigation. Explain the importance.

3. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the systems security impact level and recovery requirements.

5. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

Lab Exercise 3: You are working for a Software company. As an Information Security Architect your task is to present Organization's Information Assurance Posture to the Senior Management.

Note: Use the below report structure to complete your work

Scope of Assessment

Know What You Are Looking For

Know What You Are Looking At

Understand the Assessed Organizations Expectations

Administration

Request Needed Resources

Roles and Responsibilities

Ensure Your Role is understood

Execution

Review Organizational Policy

Reporting