University Report: Identifying, Assessing, and Controlling Risk

Verified

Added on 2023/01/09

AI Summary

This report examines the critical aspects of risk management within information security, focusing on identifying, assessing, and controlling risks. It begins by outlining the process of risk identification, which involves preparing for risk management through planning, organizing processes, and categorizing information assets. The report details the analysis of information asset inventories, threat identification, and prioritization. Subsequently, it delves into risk assessment, including determining the likelihood of projects, calculating potential losses, and assessing current controls. The process culminates in defining risk appetite, determining risk tolerance, and synthesizing a risk appetite statement. The report then explores the components of risk management, including people, procedures, data, software, hardware, and networking, and how these components interact with internal and external personnel. Various threats such as comprising intellectual property, espionage, human error, information extortion, and software attacks are discussed. The report concludes by outlining risk control strategies, such as defense probation, applying controls to eliminate risks, transference processes, and termination of issues, emphasizing their importance in effective risk management. The report underscores the significance of risk management in ensuring project success through proper risk assessment and control.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IDENTIFYING AND ASSESSING AND CONTROLLING RISK
IDENTIFYING AND ASSESSING AND CONTROLLING RISK
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
IDENTIFYING AND ASSESSING AND CONTROLLING RISK
Introduction
Information security is an existing terminology that benefits the processing of the
business organization. Managing risk is considered to be one of the prime responsibility of the
managers. IT management is one of the prime responsibility of the IT managers. Functioning of
information security must be performed with proper professionalism and high flexibility. This
report will discuss about the different terminologies that are related with the identification of
information security risk, assessing of the risk and controlling the same.
Discussion
Risk identification is performed with the help of preparation of risk management. In this
case planning and organizing of the processes is coupled with developing the information asset
categories and classifications. The output that is provided towards identification of the inventory
information asset. The output of the information asset is analysed along with the classified
information assets. Prioritized information assets is one of the main aspects that are performed
includes identification of the inventory threats. Accessing of threats and prioritizing of the threats
are also performed. After the processing of identification of risk, assessing of the risk is also
performed. In this sage determining likelihood of the project is performed (Carr 2016). After
performing the vulnerability likelihood, accessing of potential loss is also calculated.
Determination of risk mitigated by current controls are also performed. After this process,
determination of information assets risk is performed. The output of the risk assessment process
is concatenated with defining of the risk appetite. This section helps in determining of risk
tolerance. This process also helps in synthesizing of risk appetite. Developing risk appetite
statement is also performed. After completion of the proper defining of the risk appetite
functioning, controlling of risk is done.

2
IDENTIFYING AND ASSESSING AND CONTROLLING RISK
The components of risk management can be performed as per the information system
components. The diversification is made as per people, procedures, data, software, hardware and
networking. The risk management components are performed and diverged in between the
internal personnel and external personnel. This section is collaborate with the people information
component system. The examples of the risk management components provides example risk
management components as per the trusted employees, other staff members, people that are
trusted in the organization. Strangers are also counted in this section (Ben-Asher & Gonzalez
2015). The procedure includes IT and business standard procedures and IT and business sensitive
procedures. The data section of the information system components include data and information
in the section under risk management component. The example of risk management components
includes transmission, processing and storage process. The software information system
components includes the risks management sector in the software department. The example of
risk management components in the software section includes application, operating systems and
security components. The information system component also includes hardware as a
component. The examples ca be considered as the systems and peripherals. Providing security of
the device includes the fact hat networking process will get functional as per the local area
networks components.
Proper understanding of the asset tag, Internet protocol, media access control address,
Asset type, serial number, manufactured name, software version FCO number is also considered
as the system (BIOS) firmware version. Software licensing data as per the physical location and
logical location as well the controlling entity (Bada Sasse & Nurse 2019). The threats that are
taken into consideration includes comprising of intellectual property. The possible vulnerability
includes router having little intrinsic value but the assets are properly protected as per the

3
IDENTIFYING AND ASSESSING AND CONTROLLING RISK
protection of the device. Another major threat that is present includes Espionage or trespass,
having human error or failure, information extortion, quality of services deviation also falls
under the threat section of the business organization. Sabotge and vandalism is also considered
as a major threat. Software attacks are also considered as one of the major threat of the business
organization (Whitman & Mattord 2017).
The risk control strategy includes defence probation. Applying control and safeguarding
the eliminating the risks. Transference process is also considered as a risk control strategy.
Reducing impacts to information assets should stop the exploiting of the processing. Termination
of the issues are also one of the main aspect that will help in better processing of the risk
assessment.
Conclusion
From the above discussion, it can be stated that risk management is one of the main
aspect that is taken into consideration for better management of the project as per better
assessment of risk. This better processing of identification, assessing and controlling of the risk
management helps in proper commencing project. This report helps in proper analysis of the
system.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
IDENTIFYING AND ASSESSING AND CONTROLLING RISK
Reference
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61.
Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International
Affairs, 92(1), 43-62.
Whitman, M., & Mattord, H. (2017). Management of information security.