IT Risk Management Report - Module Name, Semester 1, <University Name>

Added on  2020/03/23

AI Summary
This report provides a comprehensive overview of IT risk management, beginning with an introduction to IT risks and their significance in the modern technological landscape. It delves into the process of IT risk analysis, identifying various threats such as data risks, infrastructure vulnerabilities, and cyber attacks. The report outlines the steps involved in IT risk management, including assessment, mitigation, and evaluation. It then explores the concept of transferring IT risks, highlighting the importance of insurance and risk pooling. Furthermore, the report emphasizes the importance of firewalls, vulnerability scanners, and intrusion detection systems in maintaining network security. It concludes by summarizing the key takeaways and providing a final verdict on the importance of proactive IT risk management strategies. This report is a valuable resource for understanding and mitigating IT risks effectively.
Running Head: IT RISK MANAGEMENT 1
IT Risk Management
<Student ID>
<Student Name>
<University Name>
Introduction to IT Risks
IT risk management is explained as the application of the principles of risk management to
an IT company in order to manage the various risks associated with its different fields. The
aim of IT risk management is to resolve issues and to manage the risks associated with
various areas of the IT sector, such as operations, security systems and the installation of
different tools (Barrett, 2016). IT risk management is a large component of the enterprise
risk management system. Apart from the risks and negative effects on the services and operations
of the organization, IT risk management is also concerned with the potential benefits
of risky ventures.
As per Goguen, Stoneburner & Feringa, the management process is carried out by IT
managers to allow a flexible balance between the economic and operational sides of
protective measures in order to achieve the targets of the organization (Goguen, Stoneburner
& Feringa, 2017). Management in the IT sector protects large volumes of data from
malicious hackers, prevents unknown access by outsiders, checks illegal access to
systems, helps to update existing software at regular intervals, provides the maximum
resources from licensed stakeholders and dealers, helps to realize the importance of assets
and much more.
IT risk analysis
According to MacLeod, various risks are associated with IT projects, such as
data risk, infrastructure, design, information security, innovation risks, legacy systems,
operational risks, budget risks and much more. The IT industry faces both external and
internal risks. Digital threats are now very common in the market. These threats are
capable of corrupting hardware and software (MacLeod, 2016). Hackers use
malware to control your system remotely, steal critical data and destroy necessary
information. Spam and junk emails over the web corrupt the entire device without any
delay. With unencrypted data, there is a high chance of losing the data (Rodríguez, Ortega &
Concepción, 2017).
The new technology has no service for the camera systems that help hackers to steal
data, and recovery in such cases is quite difficult. Third-party services without any
legal license help cyber attackers to take over the system and break into the device. The main
reason behind cyber attacks is employees' lack of knowledge about them.
Employees are not aware of the new tools and technology that help a hacker to
delete data and change the host of the user (Samadi, Nazari-Shirkouhi & Keramati, 2014).
The IT risks are processed in the following steps:
1. Assessment
The risks are analyzed and assessed for severity.
2. Mitigation
Various countermeasures are applied to measure the risks and are put in place in order
to reduce the impact of the particular risks.
3. Assessment and evaluation
This is the final part of risk management, where the effectiveness of the countermeasures
is evaluated. Based on the results, various steps are taken to reduce the risks and
improve the entire system to keep the plans up to date.
Transferring the IT risks
As per Samadi, Nazari-Shirkouhi & Keramati, the transfer of risks is vital for the IT
sector. The purpose of this action is to take the specific risks that are detailed in the insurance
contract and pass them from one party to another that is willing to take the risks on behalf of
the company, the insured one, which pays a fee for this. Risks are transferred from individuals to
the insurance company or from the insurer to reinsurers (Samadi, Nazari-Shirkouhi &
Keramati, 2014). Risk pooling is one of the effective risk transfer methods,
collecting millions of dollars in premium payments annually.
Every company faces several risks on a daily basis. It needs to decide which risks
to accept, so risk appetite varies from group to group. The company needs to use
insurance in cases where there are chances of earning a reward for the risks. The manager
tries to protect against both the risks that offer a reward and those that do not. So the risks are
managed by traditional insurance, as in the case of employee liabilities (Schneider et al.,
2014). Companies use insurance to transfer the risks that they do not want to assume. The
company pays a premium to the insurance company and in return receives payments for the events.
The risks associated with general public liabilities are transferred to insurance to
reduce the risks.
Importance of firewalls, vulnerability scanners and intrusion detection systems
A single security system cannot make the network safe from attacks. Firewalls
perform network access control at the network border. Reducing instances of
data loss of any size is the main security concern, addressed by establishing security standards
and performing upgrades to improve the security systems of the networks.
Managed firewall services provide improved TCO and reduce costs. They
help to simplify management by reducing the time required and provide better internal security
management. A firewall manages and monitors the entire set of security devices used in the network.
Intrusion detection methods are the burglar alarms of network security (Schneider et
al., 2014).
Final Verdict
The IDS raises an alarm on malicious traffic and sends a warning to the systems or to the IT
staff. It helps to examine network traffic in order to prevent attacks and vulnerability
exploits. Vulnerability scanners are convenient and can be set to run automatically on any
schedule. The scanners are quite accurate when run in "authenticated mode", where
credentials are provided to access patch levels. They save a lot of time and provide direct
communication and feedback on the various risks.
Reference
Barrett, S. (2016). Effects of Information Technology Risk Management and Institution Size on
Financial Performance (Doctoral dissertation, Walden University).
Goguen, A., Stoneburner, G., & Feringa, A. (2017). Risk Management Guide for Information
Technology Systems and Underlying Technical Models for Information Technology
Security.
MacLeod, M. A. (2016). The role of risk management in business continuity: A generic
qualitative inquiry of information technology managers (Doctoral dissertation, Capella
University).
Rodríguez, A., Ortega, F., & Concepción, R. (2017). An intuitionistic method for the selection of
a risk management approach to information technology projects. Information
Sciences, 375, 202-218.
Samadi, H., Nazari-Shirkouhi, S., & Keramati, A. (2014). Identifying and analyzing risks and
responses for risk management in information technology outsourcing projects under fuzzy
environment. International Journal of Information Technology & Decision
Making, 13(06), 1283-1323.
Schneider, E. C., Ridgely, M. S., Meeker, D., Hunter, L. E., Khodyakov, D., & Rudin, R. S.
(2014). Promoting patient safety through effective Health Information Technology risk
management. Rand Health Quarterly, 4(3).