An Information Security Risk Assessment Model for Public and University Administrators
MetadataShow full metadata
Assessing risk within any business entity is vital. Risk assessment/management is an essential part of every state agency, university and municipality. Computer viruses, malicious hackers, along with disgruntled employees all pose a major threat to data for public agencies, universities and local government assets. This applied research project discusses information security in depth. The purpose of this paper is threefold. First, this paper will explore the literature on information security in order to identify ideal components of a security program. Second, a survey on these ideal components will gather information security professionals' opinion on the most important elements of each component. Finally, the results of the survey will provide input on an ideal information security risk assessment program for educational institutions and/or state and local government agencies. The methodology for this research is the gauging technique. Survey research was the primary method of collecting data for this research. Ideal components of an effective risk assessment were identified and an open ended survey on those respective components was sent out to public administrators in the information security profession. The most important elements within each subcomponent of an ideal category for a risk assessment program are presented in the results chapter. The results show the important elements according to the information security professionals which help public administrators create an effective risk assessment program in their respective agency.