Top Tutors
The team is composed solely of exceptionally skilled graduate writers, each possessing specialized knowledge in specific subject areas and extensive expertise in academic writing.
Order for this Paper or Similar Assignment Writing Help
Click to fill the order details form in a few minute.
Posted: November 23rd, 2022
Risk Assessment on Information Systems
Risk Assessment on Information Systems
The citation is equal to 10% or less. – General information about Risk Assessment. – You can make an example of a risk assessment plan. What the Instructor said is: “Write 2-3 pages on a topic of interest related to course content (hint: this can be used to build content/knowledge for the final project).”
Risk assessment is necessary for any project to reduce negative impacts and malicious attacks. Therefore, risk assessment is the process of identifying hazard, analyzing and evaluating risks related with that hazard, and determining appropriate ways to eradicate or mitigate the hazard. In a workplace, it is crucial to identify those things, processes, situations, et cetera that may consequently cause harm, particularly to the organization or people. After establishing the likely risks, you evaluate how severe the risk is, and then identify what measures should be used to effectively mitigate the occurrence (Kendrick, 2015).
Information and computer systems that most companies employ need to be secure. Agencies methodically identify, investigate and evaluate the information or data security risks connected to an information service or system together with the controls essential to manage them. Secure information and data against cybercrimes and destruction or information loss can only be guaranteed when effective risk assessment is done (Whitman & Mattord, 2011).
Security elements in information systems are vulnerability, threat, risk, and exposure which require safeguard and countermeasure. Vulnerability is a hardware, software or procedural weakness. It provides to an attacker an opportunity to enter into a computer network and access resources without authorization. Moreover, vulnerability means the system lacks or have weak safeguard that can be exploited. An example is an unpatched application, a service established on a server, unrestricted internet dial, an open firewall port and absence of a physical security. On the other hand, threat is any potential danger to data and information. It is a possibility that software or a person would exploit the vulnerability. Risk is the probability that the threat agent takes an advantage of the system vulnerability, consequently impacting the organization. Reduction of vulnerability and threat reduces risk. For example, a firewall with several open ports has a higher probability that an intruder will illegally access the network. Lastly exposure is an instance of being uncovered to losses from a hacker or a threat agent. It exposes a business to possible damage. For instance, if password management and rules are not enforced, the organization is likely to have users’ password to be captured and used in an authorized manner (Whitman & Mattord, 2011).
Risk assessment plan involves establishing a framework in which the entire project team identifies risks in each project development stage, and develops mitigation strategies to avoid those risks. For an information system, the risk assessment plan involves identifying an approach to build the program, either top-down or bottom-up approach (Peltier, 2005). Second, develop risk management matrix which documents risks and consequence, probability of risk occurring, impact to the project should the risk occur, risk prioritization (higher priority items must be mitigated before the lower priority items), and mitigation responses. Finally, establish the security control, often classified into three: administrative controls (screening of people, publishing policies and guideline, and conducting security risks awareness training), logical or technical control (executing and maintaining access control techniques, resource and password management, and infrastructure configuration) and physical controls (controlling access to different department, locking systems, environmental controls, and intrusion monitoring).
References
Kendrick, T. (2015). Identifying and managing project risk: essential tools for failure-proofing your project. AMACOM Div American Mgmt Assn.
Peltier, T. R. (2005). Information security risk analysis. CRC press.
Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning.
Why Choose our Custom Writing Services
We prioritize delivering top quality work sought by students.
Discounted Pricing
Our writing services uphold the utmost quality standards while remaining budget-friendly for students. Our pricing is not only equitable but also competitive in comparison to other writing services available.
0% similarity Index
Guaranteed Plagiarism-Free Content: We assure you that every product you receive is entirely free from plagiarism. Prior to delivery, we meticulously scan each final draft to ensure its originality and authenticity for our valued customers.
How it works
When you decide to place an order with Dissertation Help, here is what happens:
Expert paper writers are just a few clicks away
Place an order in 3 easy steps. Takes less than 5 mins.