The risk assessment of a current production information system should be used to develop an information security plan. The risk assessment plan may be based on the risk register or a formal programme of work. If the risks need to be managed as a formal programme of work the plan should follow the project management and must be approved at the appropriate level within the organization. However, if the risk assessment was for a new system then the report should be used to ensure that the controls required to manage the risks are incorporated into the solution architecture and design documents or request for proposal document. The security is responsible for identifying the components and defining the boundaries of an information system that is within the scope of the risk assessment. Question: 2 Risk Assessment: Risk assessment is the process which is designed to enable agencies to systematically identify, analyze and evaluate the information security risks associated with an information system or service together with the controls required to manage them. During a risk assessment, it is essential to establish the business and technical context of the information system being reviewed. Establishing the context ensures that the business objectives are captured and that the internal and external factors that influence the risks are considered. A risk assessment may be performed for an information system that is already in production or as part of the development life cycle of a new information system.the risk assessment is being performed for an information system that is in production or as part of the development life cycle process for a new information system there will already be controls in place to reduce the likelihood and/or impact of some of the risks that have been identified. A control can reduce the risk by reducing the likelihood of an event, the impact or both. Assessing the effect that the control has on the overall risk leads to determining the residual risk rating during the risk assessment, a control may be identified as being ineffective, not sufficient or simply not relevant to the risk it is supposed to be mitigating. If this is the case, an analysis should be performed to determine whether it should be removed and replaced by another more suitable control or whether it should remain in place and be supplemented with additional controls. Questsion: 3 Remote access can be explained as ability to access, control and monitor networks or computers from any place and at any time. One of the advantages of remote access is that the technology is well established and thus quite a large number of people are familiar with it and thus not a lot of training is required. The other advantage is that the firewalls processing overheads and various connections on the VPN can all be active in the same time. Remote access also ensures that the communication is secure as the rights to access are given to specific individuals (Vazquez, 2016). The software also increases flexibility and reduces the costs of communication.in addition to this; the software enhances productivity as it provides an extension to the applications and networks in the corporate. Connecting this access is not expensive and thus possible for many companies to connect. Remote access also enables the stakeholders to have regular updates on the progress of the company products and services. Remote access also saves the managers as well as the employees the time and cost of travelling to the office as they can access away from the office.in addition to this the branch offices of a company can access the head office through this connection (Gray, 2016,). On the other hand, one of the weaknesses is that it becomes difficult to install and configure it to a client if the IT personnel are not in office as the software needs to be installed in the user’s computer for a connection to be established. Remote accesses can also results to some losses and sufferings when the computer is left with a running session. In addition to this, the remote access can be slow when one is away from the PC which can result to delays (Vazquez, 2016).
https://writemyresearchpaper.us/wp-content/uploads/2021/08/whatsapp-logo-300x115.jpeg 0 0 Write my research paper https://writemyresearchpaper.us/wp-content/uploads/2021/08/whatsapp-logo-300x115.jpeg Write my research paper2022-07-14 03:48:532022-07-14 03:48:53The risk assessment of a current production information system should be used to develop an information security plan. The risk assessment plan may be based