Evaluating the Risk Management Plan and Addressing Factors for Successes in Government Agencies

Okonofua, Henry; Rahman, Shawon S. M.

doi:10.1109/trustcom/bigdatase.2018.00230

Cited by 5 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The IT professionals with the overall safety of the applications and the existence of a disaster Moreover, shared data information risk tenancy issues are deemed to be a significant drawback for the accounting . This outcome shows that there are differences in emerging information risk when it comes to the selection of the cloud supplier, an aspect that can influence the overall security [27] of the solution, in the scenario in which the accounting department should mitigate any possible ore quickly and efficiently compared with the other emerging technologies presented, a point that can be explained through the general preference of Benefits such as continuous access, better connectivity, and qualifies mobile technologies as a critical differentiator in the current local economic context. However, some of the most addressed drawbacks and challenges of this technology are limited resources, small screens, and connectivity issues.…”

Section: Resultsmentioning

confidence: 93%

See 1 more Smart Citation

The Effect of Information Technology Using Enterprise Security Risk Management

Adekanye¹,

Rahman²

2018

IJNSA

View full text Add to dashboard Cite

The philosophy of Enterprise Security Risk Management (ESRM) drives a risk-based approach to managing any security risks, physical or logical and holistically applies to every security process. There are globally established risk principles that are common among any developed risk management standard. This model associates the relationship of risk principles to the practice of managing security risks. The ESRM processes, when successfully and consistently adapted to a security program, will define what a progressive security program looks like, drive strategic through initiatives, build the business understanding of security's role to develop a budgeting strategy, and initiate board-level, risk-based reporting. The management security leader's role in ESRM is to manage risks and unthinkable harm to enterprise assets and stockholder in partnership with the business leaders whose assets are exposed to those risks management. ESRM is part of educating business leaders on the realistic of impacts. These identified risks, presenting any potential strategies to mitigate those impacts, and enacting the option chosen by the business in line with acceptable levels of business risk tolerance. The present data should be used to showcase how our service helps identify, evaluate, and mitigate risks at face value that would be detrimental to a company's long-term prosperity. We need to show how using our security risk management will ultimately benefit the company's work by improving policies and procedures and reducing other expenses through the use of risk principles management.

show abstract

Section: Resultsmentioning

confidence: 93%

“…We have got people within the organization that we work with; whom we can call on [14]. What's most important is a broader understanding of what is driving and therefore what can influence the business beyond security and malicious threat [27]concerns that we have every day.…”

Section: Setsmentioning

confidence: 99%

The Effect of Information Technology Using Enterprise Security Risk Management

Adekanye¹,

Rahman²

2018

IJNSA

View full text Add to dashboard Cite

show abstract

“…An organization knows the importance of implementing risk management and making it the main step in minimizing the risks that will occur. The successful implementation of risk management in government agencies is influenced by several factors, namely risk management, policy development, and policy compliance [22].…”

Section: A Risk Managementmentioning

confidence: 99%

Integrated Methodology for Information Security Risk Management using ISO 27005:2018 and NIST SP 800-30 for Insurance Sector

Putra¹,

Soewito²

2023

IJACSA

View full text Add to dashboard Cite

The development of Information and Communication Technology (ICT) in the Industrial Revolution 4.0 era shows very fast and disruptive developments that encourage increased use of Information Technology (IT) services within organizations. However, there is a risk of creating vulnerabilities and threats to owned information systems. Plans and strategies are required to implement information security risk management to address vulnerabilities in threat events. This research is a case study of the Enterprise Resource Planning System in the Insurance Sector. The proposed methodologies for integrating information security risk management using ISO/IEC 27005:2018 as a risk management framework and NIST SP 800-30 Rev. 1 as guidance for risk assessments. The risk evaluation stage is the process of comparing the results of the risk analysis with the risk criteria to then determine whether the risk rating is acceptable or tolerable. For risk treatment and control using the ISO/IEC 27002:2022 framework.

show abstract

“…In addition, information technology systems should be continually monitored and examined to ensure security and compliance with the usage requirements and secrecy of the corporation information [37]. The cybersecurity policies that should be applied by the business corporations include a risk management policy that focuses on two main objectives: identification and prediction of cyber incidents in order to be mitigated in the future, and presentation of a brief description for purpose, scope, and objectives of institutional risk management [39].…”

Section: • Policies and Procedures Of Cybersecurity [34]mentioning

confidence: 99%

The Role of Governance in Achieving Sustainable Cybersecurity for Business Corporations

Alashi

Badi

2020

JISCR

View full text Add to dashboard Cite

The study discusses the role of governance in the sustainability of cybersecurity for business corporations. Its objectives focus on tracking technology developments and their impact on industrial espionage attacks and theft of industrial intellectual property. It also identifies the indicators and effects of such espionage and theft on business corporations. The study is based on the content analysis methodology for analyzing intellectual production pertinent to cybersecurity governance and industrial cyber espionage. The study concludes that relying on information and communication technology without adopting a cybersecurity integrated approach including technical, organizational, and social measures leads to the disclosure of a corporation’s trade secrets by unauthorized persons. Moreover, loss of competitive advantage and damage to the corporate’s financial affairs and reputation may occur. The most important indicators of the study predicting dangers affecting business corporations are the absence of a strategic plan for cybersecurity, inefficient programs for training and cybersecurity awareness, and a lack of secure infrastructure. The vulnerability of business corporations to breaches has many implications. The study shows that cybersecurity governance in turn prepares the corporation to encounter risks targeting its trade secrets. The study finds that there are three integrated elements processes, technology, and persons, for establishing an effective cybersecurity governance program. Accordingly, the main aspects of cybersecurity governance can be employed. The study highlights a range of challenges that business corporations may face when implementing the cybersecurity governance program. These challenges are related to cybersecurity strategy, unified processes, implementation and accountability, senior leadership control, and resources.

show abstract

Evaluating the Risk Management Plan and Addressing Factors for Successes in Government Agencies

Cited by 5 publications

References 19 publications

The Effect of Information Technology Using Enterprise Security Risk Management

The Effect of Information Technology Using Enterprise Security Risk Management

Integrated Methodology for Information Security Risk Management using ISO 27005:2018 and NIST SP 800-30 for Insurance Sector

The Role of Governance in Achieving Sustainable Cybersecurity for Business Corporations

Contact Info

Product

Resources

About