
Risk Assessment Essay

3724 words - 15 pages

Dr. Michael Workman
Information Security Management

RISK ASSESSMENT

Information systems have long been at some risk from malicious actions or inadvertent user errors and from natural and man-made disasters. In recent years, systems have become more susceptible to these threats because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals. In addition, the number of individuals with computer skills is increasing, and intrusion, or “hacking,” techniques are becoming more widely known via the Internet and other media.
A risk assessment is not about creating huge amounts of paperwork, but rather about ...

This continuing cycle of activity, including risk assessment, is illustrated in the following depiction of the risk management cycle.

Basic Elements of the Risk Assessment Process

Risk assessments, whether they pertain to information security or other types of risk, are a means of providing decisionmakers with information needed to understand factors that can negatively influence operations and outcomes and make informed judgments concerning the extent of actions needed to reduce risk. For example, bank officials have conducted risk assessments to manage the risk of default associated with their loan portfolios, and nuclear power plant engineers have conducted such assessments to manage risks to public health and safety. As reliance on computer systems and electronic data has grown, information security risk has joined the array of risks that governments and businesses must manage.

Regardless of the types of risk being considered, all risk assessments generally include the following elements.

Identifying threats that could harm and, thus, adversely affect critical operations and assets. Threats include such things as intruders, criminals, disgruntled employees, terrorists, and natural disasters.
Estimating the likelihood that such threats will materialize based on historical information and judgment of knowledgeable individuals.
Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.
Estimating, for the most critical and sensitive assets and operations, the potential losses or damage that could occur if a threat materializes, including recovery costs.
Identifying cost-effective actions to mitigate or reduce the risk. These actions can include implementing new organizational policies and procedures as well as technical or physical controls.
Documenting the results and developing an action plan.

There are various models and methods for assessing risk, and the extent of an analysis and the resources expended can vary depending on the scope of the assessment and the availability of reliable data on risk factors. In addition, the availability of data can affect the extent to which risk assessment results can be reliably quantified.
A quantitative approach generally estimates the monetary cost of risk and risk reduction techniques based on
(1) the likelihood that a damaging event will occur,
(2) the costs of potential losses, and
(3) the costs of mitigating actions that could be taken.

When reliable data on likelihood and costs are not available, a qualitative approach can be taken by defining risk in more subjective and general terms such as high, medium, and low. In this regard, qualitative assessments depend more on the expertise, experience, and judgment of those conducting the assessment. It is also possible to use a combination of quantitative and...
