
Security Risk Management

   

Added on 2023-04-24

Running Head: RISK ASSESSMENT & RISK MANAGEMENT 0
Security Risk Management
Student detail
3/6/2019
Security Risk Management_1

Contents
Introduction .... 2
Risk Analysis for IT Sector .... 2
  Risk Management Process .... 3
  Risk Analysis Process .... 4
    Analysing Threats .... 5
    Assessing Vulnerabilities .... 6
    Evaluating Consequences .... 7
Risk Management Considerations .... 7
Conclusion .... 9
References .... 10
Introduction
Information technology has become central to today's organizations, which is why managers
are increasingly concerned about risk management in the IT sector. Recently, several
companies have suffered losses caused by problems in their sophisticated information
systems, and these incidents have drawn managers' attention. Managers adopt various
quantitative and qualitative risk analysis methodologies to avoid or eliminate such losses
(QLD, 2019). This report discusses risk analysis processes that combine quantitative and
qualitative methodologies. Such a process gives a better view of the risk posture of the
organization's overall information system. The proposed method will also help practising
managers develop and formulate new risk analysis methods, and it provides a framework for
evaluating existing risk analysis procedures (Willcocks, 2013).
Risk Analysis for IT Sector
Information technology resources play an essential role in managing an organization's daily
operations and achieving its strategic objectives. Risk management therefore has an essential
role with respect to IT resources. As companies become more dependent on IT resources, the
consequences of losing IT assets can be critical for them. Risk management for IT resources
is a relatively new field and is, in effect, an extension of management's concern for the
organization's entire risk posture (Ahlan & Arshad, 2012). IT risk management focuses on
reducing the expected cost of loss through the selection and implementation of the best
combination of security measures.
Risk Management Process
The aim of risk management is to find the combination of loss prevention and reasonable cost
that is optimal for each organization. The possibility that a threat can affect an asset is
known as a vulnerability (NIST, 2008); the more vulnerable an asset is to a threat, the
greater the risk. IT assets include software, hardware, personnel, data, and facilities
(Taylor et al., 2012). The table below lists the threats to information technology assets,
grouped by origin: physical sources, unauthorized physical or electronic access, and
authorized physical or electronic access, whether internal or external.
Physical Threats:
1. Equipment failure
2. Air contaminants
3. Humidity
4. Power interruption
5. Fire
6. Personnel injury or death
7. Weather
8. Personnel turnover
9. Damage to equipment or facility by humans

Unauthorized Physical or Electronic Access:
1. Microcomputer theft
2. Hackers
3. Phantom nodes on network
4. Theft of data
5. Viruses, bombs, worms
6. Software piracy
7. Modification, disclosure, and destruction of data
8. Voice mail fraud
9. EDI fraud

Authorized Physical or Electronic Access:
1. Obsolete or outdated I/S applications portfolio
2. Increase in end-user computing
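As an added illustration (not part of the report), the following Python script works through the quantitative side of the objective this section describes: annual loss expectancy (ALE) from each threat's annual rate of occurrence and single-loss expectancy, and an exhaustive search for the combination of security measures that minimises residual expected loss plus control cost. All threat, cost and reduction figures are constructed.

```python
from itertools import combinations

# Constructed figures (not from the report): annual rate of occurrence (ARO)
# and single-loss expectancy (SLE, in dollars) for each threat to an IT asset.
THREATS = {
    "power interruption": {"aro": 2.0, "sle": 5_000},
    "malware":            {"aro": 0.5, "sle": 40_000},
    "theft of data":      {"aro": 0.1, "sle": 150_000},
}

# Constructed candidate security measures: annual cost and, per threat, the
# fraction by which the measure reduces that threat's rate of occurrence.
CONTROLS = {
    "UPS":         {"cost": 3_000,  "reduces": {"power interruption": 0.9}},
    "endpoint AV": {"cost": 6_000,  "reduces": {"malware": 0.7}},
    "encryption":  {"cost": 8_000,  "reduces": {"theft of data": 0.8}},
    "DLP":         {"cost": 20_000, "reduces": {"theft of data": 0.5, "malware": 0.2}},
}

def annual_loss_expectancy(threats):
    """ALE = sum over threats of ARO * SLE."""
    return sum(t["aro"] * t["sle"] for t in threats.values())

def residual_threats(threats, selected, controls=CONTROLS):
    """Apply the selected measures; independent reductions multiply."""
    residual = {}
    for name, t in threats.items():
        factor = 1.0
        for c in selected:
            factor *= 1.0 - controls[c]["reduces"].get(name, 0.0)
        residual[name] = {"aro": t["aro"] * factor, "sle": t["sle"]}
    return residual

def total_cost(threats, selected, controls=CONTROLS):
    """Expected annual cost = residual ALE + cost of the chosen measures."""
    spend = sum(controls[c]["cost"] for c in selected)
    return annual_loss_expectancy(residual_threats(threats, selected, controls)) + spend

def optimal_controls(threats, controls=CONTROLS):
    """Exhaustive search over measure combinations (fine for a few candidates)."""
    names = list(controls)
    candidates = [frozenset(s) for r in range(len(names) + 1)
                  for s in combinations(names, r)]
    best = min(candidates, key=lambda s: total_cost(threats, s, controls))
    return sorted(best), total_cost(threats, best, controls)

if __name__ == "__main__":
    print("Baseline ALE:", annual_loss_expectancy(THREATS))
    print("Best combination and total annual cost:", optimal_controls(THREATS))
```

With these figures the expensive DLP measure is left out because its extra reduction is worth less than its cost once the cheaper measures are in place.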
The risk management cycle starts with risk analysis, which examines the IT assets and the
threats and vulnerabilities affecting those assets. Two reasons make the risk management
process an ongoing one (FHFA, 2017). First, new external threats to IT assets keep arising as
the environment changes; second, new internal threats to IT assets arise from the audit
process and security surveillance (QLD, 2019). It is therefore important for management to
analyze the organization's exposure to loss periodically. The figure below shows the risk
management cycle: