Risk Management and Control Effectiveness Essay

Risk Management and Control Effectiveness - Essay Example This paper answers seven questions in relation to effectiveness of security technologies and methodology, risks related to them, additional controls, and access of technology within organizations. The administrative structure of the organization including relationship with the public promotes effective administration of information security. According to Fung (2004), management of information security ensures security of organizational information, systems infrastructure and data content being processed, accessed, managed and communicated to the public. The management is committed and actively supports information security at all levels. This has been clearly demonstrated through support for security initiatives by providing necessary resources for information systems security controls. Additionally, management commitment to information security has been witnessed through effort coordination, formulation and approval of relevant organization-wide security policy. There have been periodic reviews of the information security policy based on the organizational goals, objectives and technological development. The management has ensured appropriate planning and controls to new systems and infrastructure. Security activities are coordinated by staff representatives from different departments of the organization. The execution of security controls are in compliance with the information security and privacy policies. There are also coordinated efforts in the assessment of the implemented security controls and identification of vulnerabilities and recommendation of additional measures. These evaluations have been significant in identifying vulnerability changes, threats and attacks to both external and internal systems and recommendation of mitigation measures. The organization has continuously promoted trainings and security awareness to all stakeholders in the organization. The requirements for non-disclosure agreements and confidentiality reflect information