Risk Assessment

Risk assessment is an involuntary action in life that takes place consciously or subconsciously. Personally, I do risk assessments when considering purchases and various experiences in life. For example, when buying food, I assess whether it is worth it to purchase food at a high price that I probably won’t enjoy. I have enjoyed Chinese food only once out of the ten restaurants that I have visited. Therefore, I would avoid purchasing Chinese food because the probability of enjoying the food is one out of ten, which may end up being a risky purchase. Risk assessment is inevitable; thus, it is also a mandatory process at a place of work. Risks present themselves in the workplace, especially due to the sharing of various information and data through different mediums.
The first step in risk assessment is identifying the threats that could potentially sabotage the organization. It is imperative to recognize the critical information assets that would significantly impact the company if threatened. Identifying the threats and the vulnerable assets allows the assessed risk to be managed through various strategies. For example, a trading organization could suffer data loss, hence becoming vulnerable to its competitors (Pidgeon, 2015). It could also lose the trust of its customers. Identifying potential risks and hazards can be done through research techniques such as questionnaires, interviews, and assessment of the network systems. Identifying risks gives an understanding of the potential victims, which informs decisions about control measures. Knowing the hazards and who to protect makes it possible to come up with viable strategies that can protect the systems, staff, and customers from harm. Recording the findings is also imperative when conducting a risk assessment (Boehm, 2014). Documenting the results can also be useful for future reference and thus for efficient risk management. However, revising the documented risk assessment is also imperative to enable updates and keep up with the latest security constraints that are likely to arise over time.
The purpose of conducting a risk assessment is to come up with risk management strategies. An organization experiences risks because of its activities such as ownership, operation, involvement, and influence. In the management phase, the chances are perceived as more than potential adverse effects and are taken into account as ventures that can degrade the organizational value (Tohidi, 2011). Risk management ensures that the company earns the gains of a protected system. Risk assessment is the first stage towards risk management because it is at that phase that risks are discovered and assessed. The next step is mitigation, where the necessary steps are put in place to reduce the impacts of the hazards (Boehm, 2014). For example, a network security risk could be mitigated by encrypting sensitive information and thereby protecting it. However, mitigation cannot be done without analyzing the detected risk. Analyzing the risk reveals the scope to which it is linked. Different factors such as environmental, regulatory, or legal factors can contribute to the potential risks (Pidgeon, 2015). Conducting analysis allows an organization to relate the issues to other organizations for proper strategy implementation. The appropriate mitigating measures are then evaluated and assessed to determine their feasibility and cost-effectiveness. The results collected after the assessments are acted upon for improvement and change. Therefore, regular assessment of the established measures is essential to keep up with current activities and plans.

References
Pidgeon, N. F. (2015). Safety culture and risk management in organizations. Journal of cross-cultural psychology, 22(1), 129-140.
Tohidi, H. (2011). The Role of Risk Management in IT systems of organizations. Procedia Comp
Boehm, B. W. (2014). Software risk management: principles and practices. IEEE software, 8(1), 32-41.
