Risk Consultants
Every system or network is susceptible to certain dangers. Adopting risk management approaches is essential to ensuring that these issues do not affect the system's operation. Risk evaluation, mitigation, and assessment are all included in risk management. The first step in managing threats and risks is risk assessment. It is primarily used to assess the type, scope, and hazards posed to a system by prospective threats. During the following processes of risk management, the results of risk assessment procedures assist in determining the best controls for removing or lowering risk (Stoneburner et al., 8). In addition, risk assessment offers a company a number of advantages. One, it raises awareness of the potential hazards or threats to the system. Secondly, it identifies the source of the risk. This could be internal or external elements of the company (CCOHS). Thirdly, the process is crucial in determining if a control program or system need to be established in light of the presented hazards and also assessing the adequacy of existing mitigation efforts. Risk assessment also helps in preventing injuries illness and ensures the organization meets legal requirements where applicable (CCOHS).
The scope of risk assessment describes the areas that are covered when conducting a risk assessment activity. It is also referred to as characterizing the system and helps in identifying the critical areas of analysis. For a firm's network system, the key areas of focus include the boundaries, resources and the information that make up the system. These may consist of the software, hardware, system interface, data and information, system mission, system functions, system boundaries, network and data sensitivity, and system and data criticality.
There are various methodologies to risk management. Some of them include asset audit, the pipeline model, and attack tree model (GIAC Certifications, 6). For the assignment, I would use the asset audit methodology of risk assessment. As mentioned earlier, risk assessment scope encompasses analyzing the elements that make up a system. This includes external and internal factors that may present a risk to the company. On its part, asset audit approach is focused on analyzing the assets the organization own and checking if these assists are appropriately protected. The methodology has six essential steps. The first step is to identify information-based assets. Here, the risk manager identifies all that data and information that is stored, processed, accessed, or passed through the network. The information can include backup tapes source codes and customer information. The second step is to determine the mechanism through which the highlighted information assets enter and leave the system. Thirdly, the risk manager identifies the threats to this system as it pertains to how the data is handled (GIAC Certifications, 6).
The next step is to determine the likelihood of the identified threats to occur and then conduct an impact analysis (GIAC Certifications, 6). In these steps, risk managers assess the degree of probability of the identified risks to occur and determine the extent of interruption or damage these threats would cause if they occur. The process ends with identifying the appropriate mechanism that can be applied to safeguard the network from the identified risks. The arrangements can either be technical or non-technical depending on the level of risk and the type of threat they represent (GIAC Certifications, 6). The assets audit approach to risk assessment provides a comprehensive analysis of not only the risk associated with the system but also the assets that are vulnerable to such threats.
Works cited
CCOHS. ""Risk Assessment."" 2017, https://www.ccohs.ca/oshanswers/hsprograms/risk_assessment.html.
GIAC Certifications. ""An Overview of Practice Assessment Methodologies."" https://www.giac.org/paper/gsec/3287/overview-practical-risk-assessment-methodologies/105426
Stoneburner, Gary et al. Risk Management Guide for Information Technology Systems. National Institute Of Standards and Technology, New York, 2002, pp. 1-41.
Academic levels
Skills
Paper formats
Urgency types
Assignment types
Prices that are easy on your wallet
Our experts are ready to do an excellent job starting at $14.99 per page
We at GrabMyEssay.com
work according to the General Data Protection Regulation (GDPR), which means you have the control over your personal data. All payment transactions go through a secure online payment system, thus your Billing information is not stored, saved or available to the Company in any way. Additionally, we guarantee confidentiality and anonymity all throughout your cooperation with our Company.