Security Risk Management SRM and Auditing Essay -- essays research pap

Abstract The term â€Å"be prepared† applies especially well to today’s business environment, where enterprises across all industries and locations are challenged by a volatile, increasingly unpredictable world. In addition to protecting their internal resources, organizations must consider the security and well-being of their employees, partners, suppliers and customers, as well as the reliability of the web of networks and systems on which most now depend. Stop Managing Security. Start Managing Risk. The way forward lays in a security risk management (SRM) approach that protects your company from the most severe threats to critical IT systems and operational processes. SRM helps your organization understand its assets and analyze the vulnerabilities it must address. Security risk management also facilitates internal and external compliance initiatives. It enables your organization to enforce policies that relate to the integrity of customer data, the configuration of corporate applications and databases, and the accuracy of financial reports. Companies that take a systematic approach to SRM reap additional benefits: operational efficiencies that lead to better management of resources and reduced costs. It's up to all the parties involved in the IT operations and security mission to demonstrate that they can take on the demands of this new challenge. Security is a wide concept, it is a separated subject with its own theories, "which focus on the process of attack and on preventing, detecting and recovering from attacks" (William 1996). Certainly, these processes should be well organized in coping with the complex system issues. A coherent approach should be taken, which builds on established security standards, procedu... ...om norm', Network World Canada, Jun 24, Vol. 15, Is. 12, pp1-10, Gulati R, 1999, 'Network location and learning: the influence of network resources and firm capabilities on alliance formation', Strategic Management Journal, Vol. 20, Is. 5, May, pp 397-399 Osborne, Keith (1998), 'Auditing the IT Security Function', Computers &, Security, Vol. 17, NO.1, pp35-39. Hampton D K, Peter R &, Walker H T D, 1996, Relationship-Based Procurement strategies for The 21st Century, Vis, Canberra. Johnson, Jim (1995), 'CHAOS: The Dollar Drain of IT Project Failures', Applied Development Trend O’Brien, James and Marakas, George (2007) Introduction to Information Systems, 13th ed. McGraw-Hill William C &, Dennis L &, Michael S (1996), Information Security Handbook, NY: MacMillian Press LTD Gladstone D, 1988, Venture Capital Investing, Prentice Hall, New Jersey.