Research Paper 3

Research Paper 3 - CIS8018 - S2 2013

[Name of the Institute]

Abstract

Organizations face several types of risk pertaining to information security. Handling these risks efficiently requires risk control mechanisms to be implemented. Firms can use the various protection mechanisms that are available to reduce the risks, and appropriate handling and training of personnel can also help prevent them. Employees of the organization should be made familiar with the laws and ethics related to information security so that the organization does not face the consequences of these risks.

Introduction

To make an organization risk-free, it is necessary to design a safe working environment within the organization in which business procedures and processes can function smoothly. Principles of risk management must be implemented in order to maintain the privacy, confidentiality, availability and integrity of organizational data, and protection mechanisms should be in place to deal with the risks in the organization. This report evaluates the efforts required for controlling risk in an organization and discusses the protection mechanisms required to control risks. It also covers personnel and security, along with the laws and ethics pertaining to information security. Finally, software known as PRTG is implemented to find the issues and limitations of the software that occur during network monitoring.

Eftel Limited

Eftel Limited is one of the well-known telecommunication and internet service providers across Australia. The organization offers a wide range of services to its users, including telephony services, DSL service, web hosting, and dial-up internet, to wholesale, corporate and retail telecommunication markets. It faces several issues and problems while providing these services, and it needs a well-defined set of rules regarding controlling risks, protection mechanisms, security personnel, and laws and ethics (Eftel Limited, 2012, p. 25).

Controlling Risk

Before risk is monitored and controlled in an organization, the risk identification, diagnosis and analysis phase takes place. After the speculation phase has passed, one enters the action phase of risk monitoring and controlling. Monitoring and controlling risk is the last process of risk management, and it is the phase in which action must be taken. A manager of an organization is required to monitor risk before controlling it. Monitoring makes risk managers scan the horizon of risks on a continuous basis in order to determine which untoward risk events are occurring or about to occur. It indicates to the manager when they need to prepare for action and take physical steps (Levy et al., 2010, p. 8). Controlling, on the other hand, is executing the actual physical steps and actions required for handling the risk event. Different types of risks require different types of actions. Crisis management is the most important subject that is considered when risk controlling is discussed. Crisis management refers to the actions that ...