26 Apr 2022


Risk Management in Information Technology

Format: APA

Academic level: Master’s

Paper type: Research Paper


Risk management is critical in every profit-oriented organization. A proper risk management strategy ensures that the organization eliminates unnecessary costs that arise from avoidable risks. It is also a tool used to increase production in business. Many organizations currently use information technology in their operations. Information technology involves the application of computers to store data, retrieve documents, support training and development, and many other tasks.

Like any other organization, an IT-oriented organization should follow specific and critical steps when undertaking a risk assessment, to help it pre-identify the risks or threats its computer systems face and to document the results, which will aid in risk management. System risk assessment in an IT department follows specific steps with which the manager must be familiar. In this document, I will complete a system risk analysis of the IT department at Smith Call Center Organization. Within this organization, computers are used to monitor customers' calls and handle customer call requests, among many other functions.


Steps in risk assessment in IT department

System Characterization

The first step in my risk assessment plan for this project is to characterize the system at my disposal. Under this step, my main work is to identify the resources and the systems that I can access with ease. This includes the computers used to receive calls from and place calls to clients, as well as the individuals responsible for carrying out this function within the department. The primary resources I am interested in within this step are computer software, data and information systems, data sensitivity, the individuals who support the IT, the system policies within the organization, and lastly the system security personnel and architecture (2017).

Also, conducting small focus-group interviews and distributing questionnaires are part and parcel of my assessment. This will help me gather information about the security issues facing the system from trusted employees, as asserted by Covello and Merkhoher (2013).

Security identification

My next step is to identify any system security threat. A risk, in this case, is the potential of any threat source to successfully cause system vulnerability. A threat source, on the other hand, is an incident or situation that makes the system vulnerable. Under this step, my main aim is to isolate the threat source, which will allow me to deal with the threat. At this step, I keenly observe any natural, personal, or environmental threat with the intention of identifying any connection between these threats and the system's security. My primary concern is whether the company suffers from issues such as power failures, pollution, earthquakes, floods, electrical storms, and events maliciously caused by employees, such as malicious uploads and malicious data entry, among many others. These issues constitute a large part of my assessment (Li, 2014).

Vulnerability identification

Having identified the system security threats, I turn my attention to finding the extent to which the system within this organization is vulnerable, why it is vulnerable, and the efforts the organization makes to curb the vulnerability. A vulnerability, in this case, is a weakness in system design, implementation, or internal controls that can be easily exploited by an unauthorized person and hence may result in a breach of the security policies. Under this step, my goal is to list all the weaknesses within the department's system that can be exploited by the potential threat sources. For this reason, I will use vulnerability sources within the organization, such as previous assessments, to come up with the list of vulnerabilities. Also, I will use the internet to identify weaknesses, along with the system audit report, if any, and vulnerability databases. Alternatively, performing system testing is part and parcel of my assessment. Under this step, tools such as automated vulnerability scanning tools are paramount and are incorporated into my actions. For accuracy, security test and evaluation forms a significant part of my actions under this step.

Control Method Determination

Having listed the vulnerabilities that the system within this organization faces, I now focus on the control methods the organization has put in place to ensure that its systems are secured. My analysis under this step covers the methods used to curb security issues within the organization's systems. For instance, what measures are in place to protect the software and the company web page? What security methods are in place to protect the computer hardware? What strategies does the organization use to identify threats? Also, I am interested in the preventive techniques the company uses to prevent security issues in the system. The detective techniques, if any, that the firm has put in place to detect security issues before they happen are also part of my analysis. Under this step, I use a safety checklist, which helps in carrying out the analysis of the control systems within the organization.

Likelihood of the Risk Occurrence  

My next step, after gathering the data on the organization's control methods, is to determine the likelihood of the risk occurring, based on the information I have already gathered. My intention at this point is to help the organization know the probability of its security strategies being overcome by the potential threat sources. At this stage I rate the likelihood of the organization's security methods and management being overcome as low, medium, or high. My conclusion at this point considers the results of my data on the organization's security control management methods, the nature of the vulnerabilities, and the capability of the threat sources within the organization.

Impact analysis

The next stage is impact analysis, which determines the level of impact the system, as well as the entire organization, faces if a threat successfully exercises a vulnerability. My consideration at this point is given to the system's mission in the organization, the criticality of the system data to the organization, and data sensitivity. To gather this information, I will rely mainly on the organization's existing documents. An example is the mission impact analysis report. My primary intention at this point is to know the extent to which the organization's reputation and image, together with its production level, will be affected if the system's security is breached.

Risk determination 

The next step in my assessment focuses on risk determination. My main aim at this level is to assess the level at which the organization's IT systems are exposed to the risk. My actions at this point include determining the likelihood of the threat attempting to affect the system, the adequacy of the planned system controls within the organization, and the impact should the threat successfully occur within the system. My primary tool at this stage is the risk-level matrix, which guides me when I am assigning or rating the likelihood of risk occurrences (Fenton & Griffiths, 2008).

Control recommendation  

The second-to-last step is to give control recommendations. My control mechanism recommendations are based on legislation and regulation in the organization, safety and reliability within the organization, and many other factors (Stoneburner, Goguen, & Feringa, 2012).

Documentation  

The last step is documentation. Under this step, my intention is to document all the threat sources and vulnerabilities identified, the risks identified during the assessment, and many others.
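The likelihood, impact, risk determination and documentation steps above can be carried through in a short script. This is an added example, not part of the original paper: the findings are constructed for a call center, and the numeric weights and bands are those of the risk-level matrix in the NIST SP 800-30 (2002) guide the paper cites.

```python
from dataclasses import dataclass

# Weights of the SP 800-30 (2002) risk-level matrix.
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT = {"low": 10, "medium": 50, "high": 100}

@dataclass
class Finding:
    threat_source: str
    vulnerability: str
    controls: str      # existing controls noted in the control analysis
    likelihood: str    # rated after weighing those controls
    impact: str        # taken from the impact analysis

def score(f: Finding) -> float:
    """Risk score = likelihood weight x impact weight."""
    try:
        return LIKELIHOOD[f.likelihood.lower()] * IMPACT[f.impact.lower()]
    except KeyError as bad:
        # Reject ratings outside low/medium/high instead of guessing.
        raise ValueError(f"unknown rating {bad} for {f.threat_source}") from None

def level(s: float) -> str:
    # Bands: high is >50 to 100, medium is >10 to 50, low is 1 to 10.
    return "high" if s > 50 else "medium" if s > 10 else "low"

def build_register(findings):
    """Return the findings as documented rows, highest risk first."""
    rows = sorted(((score(f), f) for f in findings),
                  key=lambda r: r[0], reverse=True)
    return [
        {"threat": f.threat_source, "vulnerability": f.vulnerability,
         "controls": f.controls, "score": s, "risk": level(s)}
        for s, f in rows
    ]

# Constructed sample findings for a call-center IT department.
SAMPLE = [
    Finding("Power failure", "Call servers have no backup power",
            "None", "medium", "high"),
    Finding("Malicious data entry by employee", "No validation on call records",
            "Supervisor review", "high", "high"),
    Finding("Flood", "Server room on ground floor",
            "Off-site backups", "low", "medium"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE):
        print(f"{row['risk'].upper():6} {row['score']:5.1f}  "
              f"{row['threat']}: {row['vulnerability']}")
```

A medium likelihood with a high impact scores exactly 50, which falls in the medium band, so a boundary finding like the power failure is not escalated to high.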

In conclusion, computer system security is paramount in many organizations, since the use of computer systems is currently vast. Risk assessment is paramount in protecting system security in an organization. Risk assessment helps in risk identification, which enables prior action in risk management activities. For this reason, these risk management steps should be followed carefully.

References

Covello, V. T., & Merkhoher, M. W. (2013). Risk Assessment Methods: Approaches for Assessing Health and Environmental Risks. Springer Science & Business Media.

Fenton, G. A., & Griffiths, D. V. (2008). Risk Assessment in Geotechnical Engineering. Wiley.

Li, W. (2014). Risk Assessment of Power Systems: Models, Methods, and Applications. John Wiley & Sons.

Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30, Risk Management Guide for Information Technology Systems. NIST Special Publication 800-30.

StudyBounty. (2023, September 14). Risk Management in Information Technology.
https://studybounty.com/risk-management-in-information-technology-research-paper