Explain the process of risk identification, risk assessment, and the development of risk control strategies in designing security for an information management system.
What are some of the risk control strategies a company can employ to minimize risk?
Describe how an organization uses each of these tools in developing a risk control policy that will reduce an organization's vulnerabilities.
Describe the type of control, how it is used, how it is implemented, and what type of risk it will minimize.
In designing security for an information management system, risk management has to be implemented. It consists of the following steps:
• Risk identification
• Risk assessment
• Development of risk control strategies
The first step in the process of managing risk is to identify potential risks. Risks are events that, when they occur in an information management system, can cause problems. Hence risk identification starts with the source of problems. There are various means through which an organization can identify risks. These are source analysis, which identifies internal and external risks, and problem analysis, which identifies risks related to threats. Common risk identification methods that fall under these categories are:
• Objectives-based risk identification: events which endanger achieving an objective are identified as risks.
• Scenario-based risk identification: different scenarios are created, and events which trigger unidentified scenarios are classified as risks.
• Taxonomy-based risk identification: a breakdown of possible risk sources.
• Common risk checking: a list of known risks is created.
Once risks are identified, they must be assessed on severity and probability of occurrence. Sometimes these are easy to measure and sometimes they are difficult to measure; therefore, to increase the effectiveness of the plan, the best possible guesses have to be made. The most difficult part of risk assessment is determining the rate of occurrence, since limited statistical information is available on past incidents.
There are several risk formulae, the most widely ...
The solution discusses risk identification, assessment and strategies in designing security.