Management of Operational Risks related to Information Security in Financial Organizations

Information Risk Management

Download 0,93 Mb.

1 ... 45 46 47 48 49 50 51 52 ... 78

Bog'liq
fulltext01

4.2.1.2

Information Risk Management

We came to know from our respondent that how the concepts of information security and risk

management are perceived in NCCPL i.e. all about to manage and bound the risks in information

confidentiality, availability, authentication, non-repudiation and accuracy.

The respondent further added that to provide the confidentiality in NCCPL, the organization has

implemented an information specific framework which uses the instructions related to who is

allowed to enter into the system and who is not. According to her, information risk management

is covering three areas which are physical, administrative and technical but the main focus is on

technical risk management area. Anosha further said that information risk management is a

technical support role with focus on hardware goods and software.

According to respondent, in NCCPL there is a department for information risk management

which is called Information Security Group (ISG). Each employee of the organization holds the

responsibility of reporting incidents related to Information Technology to a member or group

head of ISG. ISG head shall first verify whether the reported incident is occurred or not and is

treated according to incident handling policy. As soon as the incident is verified ISG

head/member shall notify the incident to manager IT operations. An Employee must not disclose

the incident to other employee or any other third party such like customers or vendors.

Download 0,93 Mb.

Do'stlaringiz bilan baham:

1 ... 45 46 47 48 49 50 51 52 ... 78