IT Risk Management Assignment: PDCA Cycle, ISO 27001 Standard Analysis

Verified

Added on 2020/03/07

AI Summary

This IT risk management assignment delves into the application of the PDCA (Plan-Do-Check-Act) cycle as described in the AS/NZS ISO/IEC 31000:2009 framework, highlighting its mirroring of management systems and flexibility. It identifies the shortcomings of the PDCA cycle, such as its reactive nature and potential for change fatigue. Furthermore, the assignment examines the key aspects of the ISO/IEC 27001:2013 standard, emphasizing its role in establishing, implementing, maintaining, and consistently developing information security management systems tailored to organizational needs. The assignment underscores the standard's generic applicability across various organizations, regardless of their size or type, and provides relevant references to support the analysis.

Running head: IT RISK MANAGEMENT
IT risk management
Name of the student:
Name of the university:
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1IT RISK MANAGEMENT
Task 1:
1. Exercise 1:
1.1. Applicability of PDCS cycle to Risk Management as described in AS/NZS ISO/IEC
31000:2009:
The AS/NZS ISO/IEC 31000:2009 framework has been mirroring the planning and checking
the act of PDCA cycle. This has been common for every design of the management systems. The
standard has been stating that the PDCA cycle has not been intended for prescribing the management
system. It has been assisting the organizations in integrating the risk management in its entire
management system (Bricker, 2017). The statement has been encouraging the organizations in being
flexible to include the elements of the cycle as required. The primary elements of the cycle have
been including the policy and the governance. This has been delivering the mandate and
demonstrating the commitment of that organization. It has also been including the program design of
the entire cycle to manage the risk on the ongoing basis. The next one is the implementation of the
program and structure of risk management. There has been also the reviewing and monitoring
(Broadleaf.com.au, 2017). This is meant to oversight the performance and the structure of the
management system. Lastly there has been the continual improvement of the performances of the
entire management system.
1.2. Shortcomings of the PDCA cycle:
One of the major shortcomings of the PDCA cycle has been that it has been inherently
reactive. Though it has been the circular paradigm, it has been assuming that all the things have been

2IT RISK MANAGEMENT
beginning with the planning. This has not always been the case in the real life situations. It has been
changing at time the circular rigid order that could have provided the better results.
Another popular drawback of the PDCA has been that it has been change fatigue. The people have
been becoming confused regarding the status of the procedures and the processes. Few people have
been left out of that cycle or have been unable to maintain the pace with the turnovers that has been
following the continuous outmoded practices (Ren et al. 2015).
2. Exercise 2:
2.1. Identification of the key aspects of ISO/IEC 27001:2013 standard:
ISO/IEC 27001:2013 has been specifying the necessities to establish, implement, maintain
and consistently develop the system of security management under the context of the organizations
(31000:2009, 2017). It has been also incorporating the necessities to assess and treat the risks of
information security tailored to the necessities of the organizations. The necessities set out in the
ISO/IEC 27001:2013 standard have been generic and have been intended for being applicable to
every organization irrespective of their nature, size and type.

3IT RISK MANAGEMENT
References:
31000:2009, I. (2017). ISO 31000:2009 - Risk management -- Principles and guidelines. [online]
Iso.org. Available at: https://www.iso.org/standard/43170.html [Accessed 20 Aug. 2017].
Bricker, G. (2017). The Basics of ISO 31000 – Risk Management. [online] Avalution Perspectives.
Available at: http://perspectives.avalution.com/2011/the-basics-of-iso-31000-risk-management/
[Accessed 20 Aug. 2017].
Broadleaf.com.au. (2017). ISO 31000:2009 – setting a new standard for risk management –
Broadleaf. [online] Available at: http://broadleaf.com.au/resource-material/iso-31000-2009-setting-
a-new-standard-for-risk-management/ [Accessed 20 Aug. 2017].
Ren, M.M., Ling, N., Wei, X. and Fan, S.H., 2015, November. The Application of PDCA Cycle
Management in Project Management. In Computer Science and Applications (CSA), 2015
International Conference on (pp. 268-272). IEEE.