Essay Sample on Managing Risks in Information System

Introduction

Generally, the risk mitigation plan entails identifying the cost to obtain the cost-benefit analysis and implementing all the approved countermeasures. In IT infrastructure, the management must review the risk assessment that it has completed and approved. The risk assessment team is tasked with identifying and evaluating threats, vulnerabilities, and countermeasures and developing recommendations for mitigating the risks an organization undergoes (Gibson & Igonor, 2020). In the process, the management should put in-place countermeasures that are being used and upgrade or replace them completely if need be. Further, there should be planned countermeasures documented in the risk assessment. Hence they are reviewed to determine their status and approve countermeasures added by the management into the implementation pipeline (Gibson & Igonor, 2020).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

New Countermeasures

In the process, the management purchases the new countermeasures that are supposed to be replaced, or delegate and track the entire system for completion. Therefore, it is important to translate the risk assessment into an actual risk mitigation plan. Similarly, the management should determine if there are overlapping countermeasures. In that case, the countermeasure is reduced or made to solve more than one risk, and other risks are mitigated by more than one countermeasure (Gibson & Igonor, 2020). Several countermeasures are implementable for a single risk and used as defense-in-depth strategy to reduce the risk even when the countermeasure fails. However, overlap countermeasure may cause a problem. For instance, a vulnerability scanner and an IDS can be configured daily to protect the server (Gibson & Igonor, 2020). Unfortunately, the IDS will detect and recognize the scan as a threat and notify the administrator, investigating and reviewing the alert (Gibson & Igonor, 2020). Usually, the overlap countermeasure is mapped to check the threat or vulnerability.

The cost-benefit analysis helps in determining whether a countermeasure should be used. For instance, if countermeasure benefits are more than the cost, the countermeasure provides benefits (Gibson & Igonor, 2020). However, when a countermeasure cost is more than the benefits, the countermeasure does not provide the benefits (Gibson & Igonor, 2020). The management first identifies the losses upon implementing the countermeasure and then the countermeasure's cost from the projected benefits to determine its value(Ganin et al., 2020). A quantitative risk assessment involves the estimation of the annual loss expectancy due to risk.

Greatest Benefit

The management wants to determine the countermeasure that gives the greatest benefit. A CBA report contains recommended countermeasure in a failover where the cluster's details might include the two matrix servers' cost and other failover cluster hardware (Ganin et al., 2020). The likelihood and impact of the threat if the threat matrix method is used to prioritize the risk (Gibson & Igonor, 2020). Suppose the countermeasure is eliminating a vulnerability, which includes an overview of how it works. Annual projected benefits where a countermeasure can reduce the risk to zero as the management determine direct and indirect benefits as annual monetary value and the initial costs they use to determine the countermeasure (Ganin et al., 2020). Similarly, a CBA should compare the costs and the benefits as the management ensures that the costs are less than the benefits, and the countermeasure provides the benefits.

Conclusion

Generally, in implementing the risk mitigation plan, the management should put the countermeasure in place to stay with the budget and on schedule. The management tends to have plans to reduce the unknowns and surprises, especially in complex countermeasures. The planning identifies all the costs for implementing the plan, hence making the project run smoothly.

Reference

Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), 183-199.
https://onlinelibrary.wiley.com/doi/abs/10.1111/risa.12891

Gibson, D., & Igonor, A. (2020). Managing risk in information systems. Jones & Bartlett Learning.