Risk Management in Action

List X stipulates a variety of compliance prerequisites, covering organisational structures, inspections, contingency plans, visitor restrictions, export controls, supervision requirements, marketing and sales, and home working. Focusing on the risk of data loss through theft while working from home, a brief review of risk management follows. The rules for home working are clearly set out in List X. Loss of sensitive data would trigger an incident-reporting procedure, which consumes considerable effort and time, and even encrypted data might still be recovered by an attacker. The risk should be recorded in the risk register, since the consequences of an unmanaged data loss are substantial and could include fines, prosecution, or loss of contracts.

There is currently no policy on home working. When one is established, it will set out when working from home is appropriate, what approval is required, how equipment and material must be safeguarded when not in use, and which categories of data may be accessed remotely. All staff will be informed of the home-working rules and controls. A record of every home-working incident will be kept so that future evaluations can be made more precisely. The home-working guidelines and approvals will be reviewed quarterly.

Assurance and Certification

With the controls now in place, the measurement capability developed under the guidance of ISO/IEC 27004, and Business Continuity Planning (BCP) implemented using ISO 22301, CCC should be able to pass an internal audit and compliance appraisal. The right time for an independent assessment is now. ISO/IEC 27001 certification can be completed in about three months; the certificate is valid for three years, subject to annual surveillance audits. The stage one audit reviews the existing documentation and readiness and identifies the actions required; the stage two audit verifies that the controls are implemented and operating, after which certification can be recommended. The assessment is performed by an external accredited certification body, which decides whether or not to certify.

NIST SP 800-37 defines a Risk Management Framework (RMF) that replaces the traditional Certification and Accreditation (C&A) process. Revision 1 describes six steps, in order: categorize the information system, select security controls, implement security controls, assess security controls, authorize the information system, and monitor security controls (Revision 2 adds a preparatory step before these). The assessment is independent, but the authorization decision rests with the authorizing official, a senior official of the organisation, rather than with the assessor.

Cyber Essentials assurance is available at two levels. The first is Cyber Essentials, which is self-assessed and then independently verified. The second is Cyber Essentials Plus, which provides a higher level of assurance by adding an independent technical vulnerability assessment. Recertification is required annually. The Risk Management and Accreditation Document Set (RMADS) captures the threats, assets, vulnerabilities, risks, and changes, and allows an accreditor to evaluate the residual risk and the overall risk position of the business. Depending on how and what information is accessed, CCC could fall outside the scope of these schemes, so further investigation is needed to confirm their applicability.

Organizational Structure Considerations

Given the size of CCC, List X requires that a board-level member of staff be accountable for security and that a Security Controller be in post to run day-to-day security activities. The Security Controller's role and duties must be thoroughly understood. Because agency staff are placed in positions of trust, CCC must establish a clearance contact through which staff clearances can be processed. List X also requires control over everyone who may access information, from visitors to employees. Networks and IT Delivery is responsible for IT installation security, and it is not envisaged that a Crypto Custodian is needed at this time.
