Introduction

The purpose of risk management is to protect an organization's valuable assets: information, hardware, and software. The purpose of the risk management process is to identify and manage risks in such a way that a company is able to meet its strategic and financial targets. Risk management is a continuous process by which the major risks are identified, listed and assessed, the key persons in charge of risk management are appointed, and risks are prioritized according to an assessment scale in order to compare the effects and mutual significance of the risks. It is very important that organizations and businesses be well prepared to see what kinds of risk they face, or the business can suffer in the event of a major disaster.

1.1 Purpose

This report aims to explain how risk control is achieved through strategies and through the security management of information.

1.2 Objectives

Describe how information assets are identified as exposed to risk, and how risk is identified and evaluated. The objective is to put control measures in place to reduce specific vulnerabilities. Defining control objectives is the first step in deriving the corresponding control requirements to mitigate the risk associated with the vulnerability.

1.3 Definitions, Acronyms, and Abbreviations

"Risk management is the part of analysis phase that identifies vulnerabilities in an organization's information system and take carefully reasoned steps to assure the confidentiality, integrity, and availability of all components in the organization's information system" (Management of Information Security, second ed., Michael E. Whitman and Herbert J. Mattord). Risk is the potential loss resulting from the balance of threat, vulnerabilities, countermeasures, and value.

... middle of paper ...

...ity 4th ed. - M. Whitman - Cengage page 158)

2.1 General Categories of Control

There are three categories of control: policies, programs and technical controls.
Controls can be classified as:
• Directive
• Preventive
• Detective
• Reactive

2.2 Risk Control Strategies

Avoidance means eliminating or reducing the remaining uncontrolled risks for the vulnerability; it attempts to prevent the exploitation of the vulnerability. Transference means attempting to shift the risk to other assets, other processes, or other organizations. Mitigation aims to reduce, by means of planning and preparation, the damage caused by the exploitation of a vulnerability; that is, it aims to reduce the impact. Mitigation depends upon the ability to detect and respond to an attack as quickly as possible. Acceptance implies understanding the consequences and accepting the risk without control or mitigation.
"The next step is to determine the impact that the threat could have on the organization. It is important for auditors to understand that not all threats will have the same impact. This is because each system in the organization most likely will have a different value (i.e., not all systems in the organization are worth the same or regarded in the same way). For instance, to evaluate the value of a system, auditors should identify the processes performed by the system, the system's importance to the company, and the value or sensitivity of the data in the system" (Edmead). Understanding the importance of a risk helps point out the business's weaknesses. It is important that the degree of impact caused by different risks is determined. The
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. In particular, a Chief Information Officer should be appointed to direct an organization's day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The way forward lies in a security risk management (SRM) approach that protects your company from the most severe threats to critical IT systems and operational processes. SRM helps your organization understand its assets and analyze the vulnerabilities it must address. Security risk management also facilitates internal and external compliance initiatives. It enables your organization to enforce policies that relate to the integrity of customer data, the configuration of corporate applications and databases, and the accuracy of financial reports. Companies that take a systematic approach to SRM reap additional benefits: operational efficiencies that lead to better management of resources and reduced costs. It is up to all the parties involved in the IT operations and security mission to demonstrate that they can take on the demands of this new challenge.
Security controls are technical or administrative safeguards or countermeasures that avoid, counteract or minimize loss or unavailability due to threats acting on their matching vulnerability, i.e., security risk. Controls are referenced all the time in security, but they are rarely defined. The purpose of this section is to define technical, administrative/personnel, preventive, detective, corrective, and compensating controls, as well as general controls.
A risk assessment is the process of assessing the level of risk an asset or a business carries, based on the number of vulnerabilities and the business impact that would occur if those vulnerabilities were exploited. This in turn allows the business to mitigate these vulnerabilities so that it can manage the level of risk to the business.
There is a lot of complexity in understanding risk management and its correlation to homeland security. Risk management is a way to approach the fact that securing the homeland is not certain and that there are unknown variables in every aspect of life; it is a way to narrow down the focus based on quantifiable information, weighing probability against capability. Risk management plays an integral role in homeland security. It is employed using a formula described in the NIPP for establishing a narrow scope in order to make the best decision about protecting infrastructure. The risk management formula lays down the foundation for making the most reasonable determination based on the potential consequences, vulnerability, and
One of the first steps in developing an effective counterespionage program is to conduct a risk assessment of the organization's trade secrets or sensitive information. Daniel Benny states that when determining the risk, there will be a need to examine the information that is to be protected: what the value of the information is, who would want it, how accessible it is, and the impact on the organization should such information be illegally obtained through industrial espionage (Benny, page 51). When the risk assessment shows what the risk and threat are, a trusted person in the organization will need to determine the information they want to protect. Daniel Benny illustrates threat as: risk of threat = severity of threat x probability of occurrence (Benny, page
Program will use a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures that address security objectives in tandem with business and operational considerations. The Information Security Program will develop policies to define protection and management objectives for information assets. The Information Security Program will also define acceptable use of PCS information assets. The Information Security Program will attempt to reduce vulnerabilities by developing policies to monitor, identify, assess, prioritize, and manage vulnerabilities and threats. These management activities will support organizational objectives for mitigating, responding to and recovering from identified vulnerabilities and threats.
Risk management is the process of identifying, analyzing, and either accepting or mitigating the uncertainties in decision making (Talbot & Jakeman, 2009). In matters of security, risk management involves risk identification, assessment and prioritization while allocating resources so as to monitor, minimize, and control occurrences of unforeseen events. Avoidance of risk should not be confused with risk management, as the two are different. Risk management is a responsibility of all staff members, as it forms part of day-to-day activities. It involves continuous monitoring of changes in the environment and coming up with countermeasures to protect the public from the impacts of any kind of event.
Risk management is defined by the Department of Homeland Security (DHS) as “the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken” (DHS 2010a, p. 30). Raymond Decker, Director of Defense Capabilities and Management testified on behalf of the U.S. Government Accountability Office (GAO) before the Subcommittee on National Security, Veteran’s Affairs, and International Relations; House Committee of Government Reform, and further described risk management as the “systematic and analytical process to consider the likelihood that a threat will endanger an asset,
First, the process of risk management is an ongoing, iterative process. It must be repeated indefinitely. The business environment is constantly changing and new threats and vulnerabilities emerge every day. Second, the choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.
Risk means the chance that an action taken will bring loss or an unfavourable effect, because the uncertainty that will arise in the future is unknown. The more ambiguity there is about the success of an action, the greater the risk. For a farm manager, for example, risk management includes maximizing profit and minimizing risk. For every decision that is made, it is usually not known what will happen in the future; hence the consequences may be better or worse than expected.
It will be described how information assets are evaluated as exposed to risk, and how risk is identified and evaluated.
Computer security safeguards the computer against three kinds of failure: failure of availability, integrity, and confidentiality or privacy. Failure of availability is denial of service, which is a serious threat to life and society now that more and more people are dependent on computers. Integrity means that programs are returned exactly as they were: any modifications to programs must be made only by an authorized person, to maintain the accuracy, quality and precision of the data. The third is privacy, whose failure is an inappropriate disclosure of data. A security policy is the one that defines the actions to be authorized, access to resources, and what is to be protected against what threat in order to achieve the ...
Risk management allows us to identify the problems which are unknown at the start of the project but may occur later. Implementing an efficient risk management plan will ensure a better outcome for the project in terms of cost and time.