Type of paper: | Essay |
Categories: | Information technologies Risk management |
Pages: | 3 |
Wordcount: | 626 words |
Introduction
Generally, a risk mitigation plan entails identifying the costs needed for the cost-benefit analysis and implementing all the approved countermeasures. In IT infrastructure, management must review the risk assessment that it has completed and approved. The risk assessment team is tasked with identifying and evaluating threats, vulnerabilities, and countermeasures, and with developing recommendations for mitigating the risks an organization faces (Gibson & Igonor, 2020). In the process, management should consider the in-place countermeasures, those already being used, and upgrade or replace them completely if need be. Further, the risk assessment should document the planned countermeasures. They are therefore reviewed to determine their status and to approve the countermeasures that management adds to the implementation pipeline (Gibson & Igonor, 2020).
New Countermeasures
In the process, management purchases the new countermeasures that are supposed to be replaced, or delegates the work and tracks the entire system to completion. Therefore, it is important to translate the risk assessment into an actual risk mitigation plan. Similarly, management should determine whether there are overlapping countermeasures. In that case, the number of countermeasures is reduced or one countermeasure is made to address more than one risk, while other risks are mitigated by more than one countermeasure (Gibson & Igonor, 2020). Several countermeasures can be implemented for a single risk and used as a defense-in-depth strategy, which reduces the risk even when one countermeasure fails. However, overlapping countermeasures may cause a problem. For instance, a vulnerability scanner and an IDS can be configured daily to protect the server (Gibson & Igonor, 2020). Unfortunately, the IDS will detect the scan, recognize it as a threat, and notify the administrator, who then investigates and reviews the alert (Gibson & Igonor, 2020). Usually, each overlapping countermeasure is mapped to the threat or vulnerability it checks.
The cost-benefit analysis helps in determining whether a countermeasure should be used. For instance, if a countermeasure's benefits are greater than its cost, the countermeasure provides benefits (Gibson & Igonor, 2020). However, when a countermeasure's cost is greater than its benefits, the countermeasure does not provide benefits (Gibson & Igonor, 2020). Management first identifies the losses upon implementing the countermeasure and then subtracts the countermeasure's cost from the projected benefits to determine its value (Ganin et al., 2020). A quantitative risk assessment involves estimating the annual loss expectancy due to a risk.
Greatest Benefit
Management wants to determine the countermeasure that gives the greatest benefit. A CBA report contains the recommended countermeasure; for a failover cluster, the details might include the cost of the two matrix servers and the other failover cluster hardware (Ganin et al., 2020). It states the likelihood and impact of the threat if the threat matrix method is used to prioritize the risk (Gibson & Igonor, 2020). If the countermeasure eliminates a vulnerability, the report includes an overview of how it works. It also covers the annual projected benefits, where a countermeasure can reduce the risk to zero, with management determining direct and indirect benefits as an annual monetary value, and the initial costs used to evaluate the countermeasure (Ganin et al., 2020). Similarly, a CBA should compare the costs and the benefits, so that management can ensure that the costs are less than the benefits and that the countermeasure provides benefits.
Conclusion
Generally, in implementing the risk mitigation plan, management should put the countermeasures in place while staying within budget and on schedule. Management tends to have plans to reduce the unknowns and surprises, especially for complex countermeasures. The planning identifies all the costs of implementing the plan, which helps the project run smoothly.
Reference
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), 183-199.
https://onlinelibrary.wiley.com/doi/abs/10.1111/risa.12891
Gibson, D., & Igonor, A. (2020). Managing risk in information systems. Jones & Bartlett Learning.
Cite this page
Essay Sample on Managing Risks in Information System. (2024, Jan 11). Retrieved from https://speedypaper.net/essays/essay-sample-on-managing-risks-in-information-system