Essay Sample. CS IT Security and Disaster Recovery Management

Information management in an organization is an essential factor that contributes to the productivity of the employees and the firm as a whole. Through a proper information management system, the organization develops the security of its data, thus protecting its information form malicious use. An information system is computer hardware and software components that are used to collect, store, create, process, and distribute data within an organization. Information stored in such systems is prone to security-related risks. The security risks of an information system are the uncertainties that arise from integrity, loss of confidentiality, or the availability of data. The risks significantly affect the organization's aspects such as image, functions, mission, and assets. Some various elements and techniques are used in the assessment of information security-related risks in an organization.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Fundamentals of Risk Assessment

Assessing the information related risks is a fundamental operation within an organization. The primary principle of evaluating the risks is to determine the feasibility of the uncertainties and to help the individuals to reduce the impacts that may result from the issues. Identification of security vulnerabilities and threats is among the notable benefits of assessing such risks (NIST, 2017). Through risk evaluation, the stakeholders determine the specific threats to the information and the likelihood of their occurrence. Additionally, the assessment helps the risk managers to assess the ability of the existing risk control methods. Upon risk assessment, the organization, therefore, develops other mitigation and contingency actions and also enhances the effectiveness of the current methods.

The risk assessment also plays a significant role in enhancing the awareness and readiness of the stakeholders in the organization. Through assessing the risk occurrence chances, the organization also determines the preparation of its employees and the stakeholders to handle the situation. Additionally, the organization gauges the ability of the available control methods and personnel to handle the magnitude of the risk (NIST, 2017). The information security risk assessment process also enhances the communication between the organization management and the employees. This communication is improved during the conversation on the preparedness for the risks and the development of control techniques. The risk assessment process also enables organizations to develop migration actions for future risks (Riza, 2017). Therefore, the organization saves the cost of managing the present and future threats. Furthermore, the process of risk assessment also helps the organization to determine the impacts of its occurrence on organizational productivity. Primarily, assessing the information security-related risks, allows the organization to develop mitigation tactics and enhance the preparedness skills for the risks.

Methods of Risk Assessments

Information security-related risks are assessed in various ways. ISO 27005 is among the standard technique that is used to determine the risks of information security (Walsh, 2019). This approach provides the evaluators with the guideline for risk assessment. The method contains the areas that need to be reviewed to ensure the effectiveness of the assessment process. Through this technique, the risk managers acquire information about prospective risk and handle the assessment process systematically. Ideally, the ISO 27005 is the root of all other information security-related risk assessment methods in an organization.

Quantitative risk analysis is another technique that is used to assess the risks associated with information security. This method involves numerical and actuarial information to calculate the value of the risks. The risk evaluators analyze the risk by determining its feasibility and the loss it is likely to cause. The calculations are done after the threat is identified, and their impacts on the organization are identified. As a result, risk managers can determine the magnitude of the risk (Walsh, 2019). This method enables the organization to develop prevention actions to reduce the chances of risk occurrence. Additionally, through the calculations, the risk management stakeholders can reduce the negative impacts of the losses in an organization (Amraouli et al., 2019). For instance, the method effectively assesses the Order #7483755organization's information threat by calculating the probability of the risk occurrence. The calculations trigger the organization to develop the methods of protecting its information from such threats. Ideally, the quantitative risk analysis technique assesses the magnitude of the risk by determining its probability and the amount of impact to the organization.

Qualitative risk analysis is another method of assessing information security related issues in an organization. Unlike the quantitative approach, this method lacks numerical calculations and seeks to understand the profound impacts of the risks. In this method, the stakeholders determine the effects of the loss caused by the risk through intensive research (Loyear & Allen, 2018). Through the technique, the organization determines the contingency actions to handle the unpreventable risks. Ideally, the qualitative method seeks to provide solutions for the risks that may occur in the information systems.

Conclusion

In a nutshell, information security threats are among the risks that result in low productivity in an organization. Therefore, organizations develop assessment methods to evaluate the probability of the risks and the magnitude of the loss caused by the threat. The ISO 27005, quantitative, and qualitative risk analysis are the methods that are used to assess information security-related risks. Ideally, the assessment process of security-related issues in the information systems allows the organization to develop contingency and mitigation actions for the risks.

References

Allen, B., & Loyear, R. (2018). Enterprise security risk management: Concepts and applications. Brookfield, Australia: Rothstein Publishing. Retrieved from https://www.google.com/search?q=trident+online+library&oq=trident+online&aqs=chrome.1.69i57j0l7.5574j0j7&sourceid=chrome&ie=UTF-8

Amraouli, S., Elmaallam, M., Bensaid, H., & Kriouile, A. (2019) Information Systems Risk Management: Litterature Review. Computer and Information Science. 12(3). Retrieved from https://www.researchgate.net/publication/333826291_Information_Systems_Risk_Management_Litterature_Review/link/5d07cb42299bf1f539cb7f34/download

NIST. (2017). Security and Privacy Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

Riza, I. (2017). Risk management from the information security perspective. Junior Scientific Researcher. 3(2), 1-8. Retrieved from http://oaji.net/articles/2017/3273-1512653340.pdf

Walsh, K. (2019). Risk Assessment for Information Security Methodology. Reciprocity. Retrieved from https://reciprocitylabs.com/risky-business-risk-assessments-101/