美国论文代写:银行的信息技术
XYZ银行是一家本地银行,最近面临一些信息安全攻击。由于这一点,他们已终止其合同与外包IT /功能。现在银行有兴趣开发银行的信息技术基础设施的风险管理流程。为此,银行特别感兴趣的资产识别,威胁识别,评估的风险和准备风险缓解/对策程序的过程。
本报告的目的是完成这些处理的基础上的信息,目前的信息技术基础设施的银行。
资产识别
在信息安全和技术术语中,资产是用来存储、处理或传输数据和信息的系统。这些资产的每一个都会影响组织的业务,可以影响收入,声誉和未来的前瞻性。
除了系统,文档,人力资源也是组织的资产。很难正确识别这些资产。(主教,2011)
组织的资产分类为,
1。人
与一个组织的人相关的资产属性包括社会保障号码、其他身份号码、个人姓名、出生日期等信息,以及专业知识和技能细节。一般来说,由组织处理的个人的所有细节,将是组织的资产,因为这些信息为业务增加价值。
2。程序
有关业务流程、业务文档、信息存储和检索信息等的详细信息是组织遵循的程序的资产属性。
3。数据
数据的业务和交易的数据,元数据,数据结构,数据的类型,数据的位置,数据备份计划等所有者的数据,数据的备份计划等是数据的资产属性。
对于资产识别,应使用一些工具或技术,这将有助于了解资产和它的“估值”在信息安全和业务方面。XYZ银行的资产识别过程将使用加权因子分析工作表技术来完成。在这种技术中,将对每个确定的资产施加特殊的权重。该权重将根据这些资产对银行的影响。
美国论文代写:银行的信息技术
XYZ Bank is a local bank that has faced some information security attacks recently. Due to that, they have terminated their contract with the outsourced IT/IS functions. Now the bank in interested in developing a risk management process for the information technology infrastructure of the bank. For that purpose, the bank is particularly interested in the processes of asset identification, threat identification, assessment of the risks and preparing a risk mitigation/ countermeasure procedure.
The aim of this report is to complete these processed based on information about the current information technology infrastructure of the bank.
Asset Identification
In the information security and technology parlance, an asset is a system that is used for storing, processing or transmitting data and information. Each of such asset will have impact on the business of the organization and can affect the revenue, reputation and future prospective.
Other than systems, documentation, human resources are also assets of an organization. It is difficult to identify these assets properly.(Bishop, 2011)
The classification of assets of an organization is given as,
1.People
Asset attributes related to people of an organization will include information such as the social security number, other identification numbers, personal details like name, date of birth etc, and expertise and skills details. In general, all details about an individual that is stored of processed by the organization, will be assets for the organization as this information add values to the business.
2.Procedures
Details about the business process, business documentation, information storage and retrieval information etc. are the asset attributes of procedures followed by an organization.
3.Data
Data about the operations and transactions made by the business, along with information like owner of the data, meta data, data structure, type of data, location of data, data backup plans etc. are the asset attributes for data.
For asset identification should be done with some tools or techniques that will help to understand the assets and its ‘valuations’ in terms of information security and the business. The asset identification process of the XYZ bank will be done using a Weighted Factor Analysis Worksheet technique. In this technique, particular weights will be imposed on each identified assets. The weights will be given based on the impact of those assets on the bank.
