Comprehensive Report on Risk Management and Information Security

RUNNING HEAD: RISK MANAGEMENT 0
Risk Management
Student’s Details-
JANUARY 15, 2020
Contrasting Risk, Threat and Vulnerability
Risk, threat and vulnerability are related terms that are used together in security.
Understanding the individual differences between risk, threat and vulnerability is crucial for
maintaining security and for the overall risk management plan (Ciapessoni, et al., 2016).
Specifically, risk is the potential loss or damage that results when a threat exploits a
vulnerability. A threat is anything that can exploit a vulnerability, whether accidentally or
intentionally, and thereby damage or destroy the asset (TAG, 2010). A vulnerability is a gap
or weakness that a threat can exploit to gain unauthorized access to the asset. Risk,
vulnerability and threat are therefore interrelated within the security plan: risk is a function of
the damage or harm to an asset caused by threats exploiting its vulnerabilities. Moreover,
every company is expected to take risks, and it should do so with a critical understanding of
which vulnerabilities could be exploited as a result.
Relationship Between Risk and Loss
Risk and loss are related to each other. In order to understand the relationship between
the two, it is important to understand their individual meanings. Risk is the combination of
vulnerabilities and threats, and it can be reduced and managed accordingly. Loss, on the
other hand, is the damage the company actually suffers, whether financial loss, physical loss,
loss of networks or other kinds (Ciapessoni, et al., 2016). The two are closely related because
risk is what triggers the loss or damage. In information security, risk is undertaken when an
organization accepts that its vulnerabilities could be exploited in exchange for a significant
expected benefit in the future; loss is what arises when that risk materializes. Moreover,
taking a risk does not always result in a loss. Equally, a manager within the company does
not always obtain the expected profit, as the asset can lead to a loss under unfavourable
circumstances.
Risk Management and Importance in Information Security
Risk management is the identification and evaluation of risk in order to minimize or
reduce the impact of unwanted events while exploiting opportunities (Bromiley, McShane,
Nair, & Rustambekov, 2015). Risk can arise from various sources, and coping with it is
crucial for the organization. It is important for the business because it provides an
opportunity to avoid and manage potential risk in order to secure profits and minimize
negative results.
Risk management is of great importance in information security because it provides the
information needed to preserve confidential information and to maintain the integrity and
availability of information to authorized users. Within the information security plan, an
organization maintains risk management through adherence to its information security
policies. Information security standards also need to be included in risk management, where
they play a vital role. Determining and handling risk in a systematic and effective manner is
crucial for the organization to make effective decisions (Dark Reading, 2012). It helps with
cybersecurity issues by enabling the systematic handling of information through the
organization's information security systems.
Need of Organization to take Risk with Data
An organization needs to take risks with customers' data, using information security
tools to manage them. The level of risk depends on the kind of risk undertaken and its
overall impact on the infrastructure and the budget of the organization. There are various
challenges associated with data risk, such as the difficulty of gaining customers' trust. For
example, when an organization stores a customer's information for repeat visits, this is a
risky practice, but it allows the organization to learn more about the customer, which it can
later use to reach more customers. Holding customers' confidential information, such as
credit card numbers and expiry dates, is also risky, and these are the main items the
organization puts at risk. Handling them well can ensure that customers have more trust and
confidence in the organization, in the hope that the information stored is safe and secure
(Deloitte, 2018). Further, collecting customers' personal information enables the
organization to make better marketing efforts and target its most profitable customers.
However, the organization should take the minimum risk, as theft or loss of customers'
information leads to a decrease in the trust and confidence of customers.
Risk Management Plan
A risk management plan is the outline prepared for overseeing risk and for estimating the
areas that would be impacted, so that the risks that must be avoided can be specified and
avoided within the stipulated time (Sadgrove, 2016). The components of a risk management
plan include the identification, analysis and control of risks, which ensure that the project is
handled effectively throughout its entire lifecycle. The major necessary components of a risk
management plan are as follows:
- A list of the risks and vulnerabilities that can arise from each asset, obtained through an
appropriate breakdown of the asset.
- An evaluation of the risk associated with each of the listed risks.
- A Probability Impact Matrix, prepared to identify the threats and opportunities arising
from each risk.
- Confidence estimates, including an estimate of the range of confidence on complex
projects.
- A risk register that records, for each risk, its description, its impact and the probability
of being affected by it (Roseke, 2015).
- Lastly, response plans for reducing the risks and vulnerabilities, together with an
appropriate budget for meeting the expenses.
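As an added illustration (not part of the report), the following Python builds a small risk register of the kind described in this section and in the earlier section on risk, threat and vulnerability: each entry scores risk as probability times impact, is banded on a 5x5 probability-impact matrix, and response plans are funded in score order within a budget. Every entry, score, band threshold and cost below is a constructed assumption.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    """One risk register entry: a threat exploiting a vulnerability on an asset."""
    description: str
    probability: int          # 1..5: how likely the threat is to exploit the vulnerability
    impact: int               # 1..5: loss or damage to the asset if it does
    treatment: str            # proposed response plan for reducing the risk
    treatment_cost: int       # constructed budget units the response would need
    funded: bool = False      # set by plan_responses once the budget covers it

    @property
    def score(self) -> int:
        # risk as a function of probability and impact, as the report describes
        return self.probability * self.impact

def rating(risk: Risk) -> str:
    """Band on a 5x5 probability-impact matrix (thresholds are an assumption)."""
    if risk.score <= 5:
        return "Low"
    if risk.score <= 12:
        return "Medium"
    return "High"

def plan_responses(register: list, budget: int) -> list:
    """Fund treatments for the highest-scored risks first until the budget is
    exhausted; anything left unfunded is accepted for this planning cycle."""
    remaining = budget
    for risk in sorted(register, key=lambda r: r.score, reverse=True):
        if risk.treatment_cost <= remaining:
            risk.funded = True
            remaining -= risk.treatment_cost
    return register

# Constructed sample register (not from the report).
SAMPLE_REGISTER = [
    Risk("Stored customer card details disclosed via an unpatched server", 4, 5,
         "patch the server and tokenise stored card data", 40),
    Risk("Customer database lost to storage hardware failure", 2, 4,
         "nightly off-site backups with restore tests", 15),
    Risk("Marketing list sent to the wrong recipients", 3, 2,
         "add an approval step before bulk mailings", 5),
    Risk("Office printer outage", 3, 1, "keep a spare printer", 10),
]

if __name__ == "__main__":
    for r in plan_responses(SAMPLE_REGISTER, budget=50):
        print(f"{r.score:>2} {rating(r):<6} funded={r.funded!s:<5} {r.description}")
```

Note that the budget of 50 funds the High risk and the cheap Medium one but skips the 15-unit backup treatment, which is the kind of trade-off the response plan and budget component has to make visible.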
References
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265-276.
Ciapessoni, E., Ciro, D., Kjolle, G., Massucco, S., Pitto, A., & Sforna, M. (2016). Probabilistic risk-based security assessment of power systems considering incumbent threats and uncertainties. IEEE Transactions on Smart Grid, 7(6), 2890-2903.
Dark Reading. (2012, July 16). 4 Reasons Why IT Security Needs Risk Management. Retrieved January 16, 2020, from Dark Reading: https://www.darkreading.com/risk/4-reasons-why-it-security-needs-risk-management/d/d-id/1138021
Deloitte. (2018, April 23). Making Data Risk a Top Priority. Retrieved January 16, 2020, from The Wall Street Journal: https://deloitte.wsj.com/riskandcompliance/2018/04/23/making-data-risk-a-top-priority/
Roseke, B. (2015, May 8). Risk Management Plan Components. Retrieved January 16, 2020, from Project Engineer: https://www.projectengineer.net/risk-management-plan-components/
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
TAG. (2010, May 3). Threat, vulnerability, risk – commonly mixed up terms. Retrieved January 16, 2020, from Threat Analysis Group: https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/