Importance of IT Risk Management: Concepts, Principles & Practice
Added on 2023-06-05
13 Pages3698 Words173 Views
RISK MANAGEMENT
ASSIGNMENT 1
CONCEPTS, PRINCIPLES & PRACTICE
0
ASSIGNMENT 1
CONCEPTS, PRINCIPLES & PRACTICE
0
Table of Contents
Task 1- Strategic importance of IT risk management.....................................................................2
Task 2- Process involved in creating risk management system for IT............................................4
Task 3- Key trends in risk management for IT risk.........................................................................6
References......................................................................................................................................10
Appendix........................................................................................................................................12
1
Task 1- Strategic importance of IT risk management.....................................................................2
Task 2- Process involved in creating risk management system for IT............................................4
Task 3- Key trends in risk management for IT risk.........................................................................6
References......................................................................................................................................10
Appendix........................................................................................................................................12
1
Task 1- Strategic importance of IT risk management
In the 21st century, the aspect of risk management is gaining popularity because of the increasing
amounts of threats. Different malicious applications are posing a huge threat to IT systems as
hackers and an unauthorized third party can gain access to confidential information. Risks in
Information technology are a serious threat as it can cause uncertainty in an organization. In the
organization of London Fire Brigade, risk management of IT is of utmost importance in order to
protect sensitive information. Therefore through the aid of risk management, its strategic
importance can be thoroughly understood.
According to the ISO3100, there are 11 principles of risk management which should be
implemented in every organization in order to overcome any possible threats (iso.org, 2018).
These principles are listed as follows:
1. Sustains value: This principle helps in determining a various degree of threats posed due to
political, legal, social or technological means. In the organization of the London Fire Brigade,
this principle can be integrated to understand the level of risk possessed in the aspect of IT
(london-fire.gov.uk, 2018). Through the aid of this principle, the importance of IT risk
management can be understood.
2. Organisational Process: In this principle, the objective of the organization is needed to be
kept in mind. The ultimate task of the London Fire Brigade in the respect of risk management is
to implement an appropriate measure to secure its IT systems. In the IT infrastructure of the
company, there might be sensitive information ranging from contact information about its
stakeholders which includes its employees and management (Talet, Mat-Zin and Houari, 2014).
It might also consist of important strategy documents that might be misused if it falls into the
wrong hand. Therefore, it is important to implement IT risk management in the organization of
the London Fire Brigade or LFR (Refer to Appendix 1).
3. Decision making: One of the most strategic aspects of IT risk management is the decision
making process. Through the aid principle, not only proper communication is maintained
between the stakeholder and management but also an effective decision about risk management
2
In the 21st century, the aspect of risk management is gaining popularity because of the increasing
amounts of threats. Different malicious applications are posing a huge threat to IT systems as
hackers and an unauthorized third party can gain access to confidential information. Risks in
Information technology are a serious threat as it can cause uncertainty in an organization. In the
organization of London Fire Brigade, risk management of IT is of utmost importance in order to
protect sensitive information. Therefore through the aid of risk management, its strategic
importance can be thoroughly understood.
According to the ISO3100, there are 11 principles of risk management which should be
implemented in every organization in order to overcome any possible threats (iso.org, 2018).
These principles are listed as follows:
1. Sustains value: This principle helps in determining a various degree of threats posed due to
political, legal, social or technological means. In the organization of the London Fire Brigade,
this principle can be integrated to understand the level of risk possessed in the aspect of IT
(london-fire.gov.uk, 2018). Through the aid of this principle, the importance of IT risk
management can be understood.
2. Organisational Process: In this principle, the objective of the organization is needed to be
kept in mind. The ultimate task of the London Fire Brigade in the respect of risk management is
to implement an appropriate measure to secure its IT systems. In the IT infrastructure of the
company, there might be sensitive information ranging from contact information about its
stakeholders which includes its employees and management (Talet, Mat-Zin and Houari, 2014).
It might also consist of important strategy documents that might be misused if it falls into the
wrong hand. Therefore, it is important to implement IT risk management in the organization of
the London Fire Brigade or LFR (Refer to Appendix 1).
3. Decision making: One of the most strategic aspects of IT risk management is the decision
making process. Through the aid principle, not only proper communication is maintained
between the stakeholder and management but also an effective decision about risk management
2
can also be formulated (McNeil, Frey and Embrechts, 2015). Therefore, LFR must implement
this principle for proper risk management to secure its IT systems.
4. Addresses uncertainty: This principle helps in identifying aspects which might contain
potential threats. LFR can implement this strategic aspect in order to access potential threat in the
IT infrastructure of the organization to eliminate the threats to secure the information in the IT
systems of the organization.
5. Systematic structure: Strategic risk management in respect of Information technology helps
in determination of the appropriate mitigation measures through which such threats can be
avoided (business.qld.gov.au, 2017). Therefore, the London Fire Brigade should access potential
risks in the IT systems of their organization step by step in order to identify potential threats.
6. Informative source: Risk management helps in strategic assessment of possible sources from
where threats can arise. As opined by Sadgrove (2016), there are 3 categories of sources known
as primary, secondary and tertiary. Therefore, the application of this principle by the London
Fire Brigade would help in the assessment of primary and secondary sources of breaches in the
IT infrastructure of the company.
7. Tailored process: This principle defines risk management as a tailored process. Through this
process, the London Fire Brigade can organize proper mitigation tools and techniques for
implementation in the IT infrastructure of the organization. Therefore, it can be considered as a
strategic measure to ensure no possible harm comes to the organization.
8. Cultural and human factors: The process of risk management does not eliminate cultural or
human factors. There, this principle is of utmost importance as the safety culture of an
organization can be accessed through this method. The organization of the London Fire Brigade
should implement this strategic measurement in order to access risk perception and compliances
among the organization as well as its employees (moderngov.london-fire.gov.uk, 2018). Through
this, proper mitigation measures can be taken to secure its IT infrastructure from potential
threats.
9. Transparent and inclusive structure: It is important for the organization of the London Fire
Brigade to have a transparent relationship with its employees. Integration of this principle would
3
this principle for proper risk management to secure its IT systems.
4. Addresses uncertainty: This principle helps in identifying aspects which might contain
potential threats. LFR can implement this strategic aspect in order to access potential threat in the
IT infrastructure of the organization to eliminate the threats to secure the information in the IT
systems of the organization.
5. Systematic structure: Strategic risk management in respect of Information technology helps
in determination of the appropriate mitigation measures through which such threats can be
avoided (business.qld.gov.au, 2017). Therefore, the London Fire Brigade should access potential
risks in the IT systems of their organization step by step in order to identify potential threats.
6. Informative source: Risk management helps in strategic assessment of possible sources from
where threats can arise. As opined by Sadgrove (2016), there are 3 categories of sources known
as primary, secondary and tertiary. Therefore, the application of this principle by the London
Fire Brigade would help in the assessment of primary and secondary sources of breaches in the
IT infrastructure of the company.
7. Tailored process: This principle defines risk management as a tailored process. Through this
process, the London Fire Brigade can organize proper mitigation tools and techniques for
implementation in the IT infrastructure of the organization. Therefore, it can be considered as a
strategic measure to ensure no possible harm comes to the organization.
8. Cultural and human factors: The process of risk management does not eliminate cultural or
human factors. There, this principle is of utmost importance as the safety culture of an
organization can be accessed through this method. The organization of the London Fire Brigade
should implement this strategic measurement in order to access risk perception and compliances
among the organization as well as its employees (moderngov.london-fire.gov.uk, 2018). Through
this, proper mitigation measures can be taken to secure its IT infrastructure from potential
threats.
9. Transparent and inclusive structure: It is important for the organization of the London Fire
Brigade to have a transparent relationship with its employees. Integration of this principle would
3
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Risk Management Tools and Techniques for IT: Innovative Solutions to Mitigate Risk in the IT Infrastructure of the Organizationlg...
|15
|3988
|360
Risk Assessment for Information Security and Risk Managementlg...
|7
|1064
|150
Organisational Structures and Culture in Fire Brigades Unionlg...
|13
|3717
|88
Cyber Crime Fundamental Report 2022lg...
|11
|2538
|17
Risk Management: Principles and Features of Safety Case in Offshore Oil and Gas Operationslg...
|11
|2978
|88
Information Security Risk Management for Smart Software Pty LTDlg...
|16
|4716
|355