In Chapter 2 of Harris (2012), the author continued our examination of Information Security Governance and Risk Management through the use of Risk Assessment and Analysis. The author further introduced the elemental or fundamental principles of security, which are Confidentiality, Integrity, and Availability. Furthermore, Harris established the importance of as In a peer reviewed journal article entitled: ” ” Saint-Germain (2005) presented a framework or construct that ensured by invoking found within the – ISO/IEC 17799

After completing Chapter 2 assigned readings, as well as Saint-Germain (2005), information presented within Harris (2012) Saint-Germain (2005). 5 similarities that existed the text literature. an explanation as to you selected the similarities that you did. Be sure to your positions.

Harris, S. (2012). CISSP All-in-One Exam Guide (6th ed.). New York, NY: McGraw-Hill.
Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. The Information Management Journal, 39(4), 60.

• Risk Management; Risk Assessment & Analysis (Read pages 70 – 100)
• Policies, Standards, Baselines, Guidelines, Procedures (Read pages 101 – 108)

Shon Harris, CISSP All-in-One Exam Guide (6th ed.), McGraw-Hill,

In Chapter 2 of Harris (2012) and Saint-Germain (2005), the authors discuss the importance of Information Security Governance and Risk Management, specifically focusing on Risk Assessment and Analysis. Throughout the readings, the authors highlight the fundamental principles of security, which include Confidentiality, Integrity, and Availability (CIA). This framework serves as a basis for evaluating and managing security risks.

Both authors emphasize the significance of conducting a thorough risk assessment to identify potential vulnerabilities and threats. Risk assessment involves the systematic process of identifying assets, evaluating their value, identifying potential threats, and assessing the likelihood and impact of those threats. This process allows organizations to prioritize their security efforts and allocate resources effectively.

Furthermore, Harris (2012) and Saint-Germain (2005) both discuss the need for risk analysis. Risk analysis involves evaluating the likelihood and potential impact of identified threats in order to determine the level of risk associated with each. By considering the likelihood and impact, organizations can prioritize their risk mitigation efforts and implement appropriate safeguards.

One similarity between the texts is the importance of implementing controls to mitigate identified risks. Harris (2012) stresses the need for technical, administrative, and physical controls to protect against potential threats. Saint-Germain (2005) likewise calls for control mechanisms based on international standards, such as ISO/IEC 17799. Both texts treat control implementation as a comprehensive, layered effort aimed at preserving the confidentiality, integrity, and availability of information.

Another similarity between the texts is the emphasis on the importance of policies, standards, baselines, guidelines, and procedures in ensuring information security. Harris (2012) discusses the role of these documentation frameworks in establishing baseline levels of security and providing guidance for implementing security controls. Similarly, Saint-Germain (2005) focuses on the importance of developing and implementing information security management best practices based on ISO/IEC 17799.

A third similarity between the texts is the recognition of the dynamic nature of information security. Both authors acknowledge that the threat landscape is constantly evolving, requiring organizations to continuously assess and adapt their security measures. Harris (2012) emphasizes the need for regular updates and monitoring of security controls, while Saint-Germain (2005) highlights the importance of conducting regular audits to ensure ongoing compliance with security standards and best practices.

A fourth similarity between the texts is the recognition that education and training are essential to building a strong security culture within an organization. Harris (2012) emphasizes the need for ongoing training and awareness programs so that employees understand their role in maintaining information security. Saint-Germain (2005) likewise stresses training employees on security policies and procedures so that those policies are actually followed in practice.

A fifth similarity between the texts is the recognition of the need for a holistic approach to information security. Both authors stress the importance of aligning information security with organizational goals and objectives and integrating security measures into business processes. This supports the notion that information security is not just a technical issue but also requires a strategic and organizational perspective.

In conclusion, the readings from Harris (2012) and Saint-Germain (2005) provide valuable insights into the principles of Information Security Governance and Risk Management. Both texts emphasize the importance of risk assessment and analysis, the implementation of controls, the development of policies and procedures, the dynamic nature of information security, the role of education and training, and the need for a holistic approach to security. By understanding these principles and applying them appropriately, organizations can enhance their information security posture and mitigate potential risks effectively.
