Computer Sciences and Information Technology
Topic: Risk Management
It is an accepted truth that without risk there can be no gain. Every individual and organization that wants to succeed must take some risks. Risk management is not about avoiding risks, but about taking risks in a controlled environment, for which one must understand the risks, their triggers, and their consequences.
Write a four to five (4-5) page paper in which you:
Contrast risk, threat, and vulnerability.
Explain the relationship between risk and loss.
Describe risk management and assess its level of importance in information security.
Argue the need for organizations to take risks with their data (e.g., Is it a risky practice to store customer information for repeat visits?)
Describe the necessary components in any organizational risk management plan.
Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Risk Management
In Information Technology, three terms define the issues that could occur in the systems of an organization: vulnerability, threat, and risk. Risk management is the practice of controlling or preventing potential damage to or loss of an asset, whether that loss is foreseen from afar or strikes without warning. When an organization is planning to obtain something of value, it can either gain or lose it in the process. Risk can be controlled by evaluating its potential before undertaking the process.
A vulnerability is a weakness or loophole in a resource that opens it to exploitation by attackers (Threat, Vulnerability & Risk: Difference & Examples, n.d.). For example, when an employee resigns or is sacked from a company, failing to disable their access to some of the accounts would leave the company vulnerable to an attack. To prevent this, the company or organization should test for vulnerabilities to ensure the continued security of its systems. This is done by backing up data and storing it in a secure location that cannot be easily accessed without authorization.
A threat is an agent that causes harm to the systems in an organization. An agent can be a person or a thing. Threats take advantage of the vulnerabilities in an organization, so employees can also be threats to an organization. Threats can be classified into three types: natural threats, unintentional threats, and intentional threats. Natural threats are caused by natural occurrences like floods and hurricanes. An unintentional threat is, for example, when an employee of an organization mistakenly accesses delicate information. An intentional threat is when an attacker hacks the systems. Examples include spyware and adware companies.
Risk is potential damage to or loss of an asset, whether it is foreseen from afar or strikes without warning. A risk exists when an agent (a threat) is involved and there is a vulnerability in an organization. When a threat takes advantage of a vulnerability, it causes a risk. An example is an employee stealing money or devices from an organization. For risk to be reduced, a risk management plan should be created and implemented. The risk management plan involves assessing the risk and determining what is required, taking into account the perspectives of all stakeholders, who consist of the owners, employees, and customers. It also involves implementing and monitoring the most applicable policies that help in controlling effectiveness.
Risk and loss
Risk can be explained as uncertainty, or rather the chance that a loss will take place. Uncertainty is the state in which there is a positive or negative probability of something happening, or rather of not knowing what comes next. The greater the uncertainty, the higher the probability that a risk will occur. A loss is the outcome, or rather the result, of a risk; it is an unfavorable outcome. It is right to say that risk and loss are interconnected, since one is the result of the other. Managing risk can be done by paying attention to the outcomes subject to the risks in place and to the tolerance of risk.
Risk management
Risk management is a step-by-step procedure created and implemented by an organization to help in managing risk. For a risk to be managed, the organization has to be very open; it needs to make all risks known when undertaking a certain activity. It should be diverse and independent, and it must be disciplined when making decisions that will affect the entire organization. Risk management can be based on an internal context and an external context. In the internal context, one has to learn the abilities and skills of employees, the diverse cultures of employees, the devices used in the organization, and how to achieve the goals set. The external context is where one has to study and understand the environment of the organization.
Importance of risk management
It is important to manage risk in information security. Risk management helps prevent the loss of finances or intellectual property in an organization, prevents the breaching of legal contracts, and helps prevent damage to reputation through the leaking of adverse reports to the media (Yildirim, 2016). The sources of information security vulnerabilities in an organization could be either the absence of security governance that helps in the implementation of policies, or poor implementation of the information technologies that store the organization's delicate information. Risk management helps translate security in an organization into a subject related to business.
Evaluating the possible risks to devices and the data on them, and identifying the risks the organization can avoid, helps save a great deal. Risk management helps in managing the effectiveness of IT devices and of the employees who use and manage them. Security is not an external device that can be plugged into a machine. Risk management is used to re-center all conversations around the organization's devices, and it goes beyond the horizons of information security. IT devices are capable of many things. If they are well managed, all operations in the organization will run smoothly and effectively.
Risk of data in an organization
Any data in a device is vulnerable to risk. An organization needs to evaluate all the risks involved. For instance, data could be lost by either being stolen or erased. If that happens, the organization loses its customers or associates. The company’s reputation will be ruined if that happens. Storing customers’ data in the same file for repeat visits makes it easy for the employees to collect all the details of the customers. It could be dangerous too because, in case of a risk, all data could be stolen or erased from that file. Therefore, companies shouldn’t do so. If need be, a risk management plan should be introduced to help in assessing risk before it strikes.
Components in organizational risk management plan
A risk management plan is prepared before undertaking a project to detect or foresee the possibility of a risk. It helps the organization find solutions to any risk and its impact. A risk management plan entails identifying and analyzing risk. The organization needs to plan responses to the risks identified. This means determining various ways to reduce or eliminate a threat. It also involves any opportunity that could increase the level of risk impact. The response to a threat can be avoiding or eliminating the threat, transferring the risk by purchasing insurance, or mitigating the risk by reducing its possible causes and enhancing the probability of any positive risk (opportunity).
Implementing and monitoring risks is another part of the plan. Implementing means putting the agreed responses into action. Monitoring risks involves several activities: following up on the implementation of the agreed responses, reassessing the agreed risk responses, and effectively auditing the process of risk management. Organizations should apply the agreed risk responses to help prevent unforeseen damage to their data or devices. Preventing risks helps save the money and resources that would otherwise be used to replace lost assets and rebuild reputation, instead of investing that money in implementing new risk management strategies.
A vulnerability is a weakness or loophole in a resource that opens it to exploitation by attackers; a threat is any agent that causes harm to assets in an organization; and risk is potential damage to or loss of an asset, whether it is foreseen from afar or strikes without warning. Risk can be explained as uncertainty, or rather the chance that a loss will take place. Risk management is important in information security since it helps prevent the loss of finances or intellectual property in an organization, prevents the breaching of legal contracts, and helps prevent damage to reputation through the leaking of adverse reports to the media, among others.
References
Threat, Vulnerability & Risk: Difference & Examples. (n.d.). Retrieved from https://study.com/academy/lesson/threat-vulnerability-risk-difference-examples.html
Yildirim, E. Y. (2016). The importance of risk management in information security. In Proceeding of the IIER international conference, Rio de Janeiro, 29th-30th November 2016 (pp. 5-8).