Friday, May 17, 2019

Applying Risk Management Essay

take a chance precaution is an substantial instalment in managing education systems. Applying risk management principals to business procedures is native because it jockstraps organizations design and maintain a safe systems environment to figure the confidentiality, integrity, and availability of company data. Kudler Fine Foods has expressed an interest in developing an Enterprise Resource mean (ERP) system. The primary objective is to improve business administration by integrating stores and business systems. Kudler Fine Foods has ternion stores in California and integrating business functions across all stores would be extremely beneficial. This paper go out outline the major factors and benefits by applying risk management principles to ensure a secure and effective system.Risk Management PrinciplesAccording to Whitman and Mattord (2010), risk management is a collaborative effort involving Information warrantor system, information technology, management, and users. It is important to involve all of these aras to devise a comprehensive and effective risk management strategy. The major principles overwhelm identifying risks, quantifying risks, plan for risks, and monitor and manage risks. The first stage is risk identification. This is when the organizations managers identifies all of its assets and classifies them into meaningful categories in addition to prioritizing them by importance. Assets include various components such as people, processes, data, and all elements of information technology. assembly information on assets such as the people aspect processes, and data could be challenging because they are not always documented and readily available.The information gathered for people may include situation titles, the title of his or her supervisor, security levels, and skills. Information collectedfor processes may include procedure description, purpose, IT connections, document terminal location for reference and updates. After listin g out the assets, the next step is to classify them into categories such as people, data, software, and hardware and then classify each asset into sub-categories such as confidential, internal, and public. Applying value or trespass to each asset is next by determining its tinyity to the business. Questions that may help to assigning a value may include Which assets generates the highest profitability?, or Which asset would impede business functions if it were compromised? Quantifying risks provides the framework for executives to collide with informed decisions in relation to cost and resources surrounding security. All of the steps outlined above is essential in the risk identification stage (Whitman and Mattord, 2010).After completing the risk identification process where all assets are identified and classified, the next phase is to determine the potential threat source and potential vulnerability. more or less common threat sources include natural threats, human threats, an d environmental threats. According to the National Institute of Standards and applied science (2002), a threat is an exploitation of a vulnerability caused by a threat source. The NIST publication suggests the undermentioned identifying a threat source, indicating the motivation of source, and outlining the threat actions. This practice will help determine the likelihood of a threat taking advantage of a system vulnerability. Next in the process is identifying vulnerabilities. Vulnerability is a weakness or flaw in procedures or controls applied to a system. Identifying potential vulnerabilities will help an organization put controls in place to mitigate risks associated with vulnerabilities.Risk mitigation involves a systematic cuddle in reducing the exposure to a risk and the likelihood of it occurring. Mitigating defined risks is the gateway for the development of processes and controls to overturn the likelihood of a threat. Having prevention mechanisms that include policies and controls is best practice in regard to securing assets therefore it is critical that Kudler Fine Foods determines the best risk management process that fits their business requirements and needs. Because technology is consistently growing and changing, hinderance measures must include flexibility to allow for change and growth. Without these considerations, a business could jeopardize themselves by constricting the ability to expand or even update the systemswith necessary security patches. Preventative measures should include next growth. As technology grows, risks increase. Protection mechanisms will change as new threats are introduced to business as fountainhead as new legislations.Many security standards are based on data guard regulations and as laws change or new laws are introduced, information technology is the most dear(p) element in ensuring compliance. There could be costly ramifications with poor planning. Risk avoidance can be costly and inconvenient but it w ould be more costly and inconvenient when a security issue occurs. A risk assessment would be the first step to take when determining whether to chance a true risk or not. Determining what the assets are and understanding the impact on the business if a security incident occurs is important.It is also important for businesses to understand regulations and what is necessary to comply with certain(p) laws and requirements. Kudler Fine Foods must transport risk analysis and ask themselves What is the risk of not applying preventative measures? and What would it cost to recover from a certain attack? Legal ramifications could result if a security breach occurs. This could include steep financial penalties as well as jeopardizing company reputation.The table below outlines examples of risk, vulnerability, and mitigation strategy.RiskVulnerabilityMitigation schemaHardware failureHardware could fail and impede business. Systems could be unavailable for an undetermined amount of time. n ominate security policy to ensure all hardware is kept up to date with current patches and upgrades.substance abuser trainingInsufficient training of end-users leads to improper use of application which could compromise data or systems. frame detailed training documentation and implement a user training program. Ensure all users get into in training. Deliberate network attacksPotential Malware and Denial of Service attacks. Could lead to exposure of sensitive information. devour policy to ensure adequate firewallprotection, anti-malware software, and install Intrusion Detection System.ConclusionIt is important for businesses such as Kudler Fine Foods to employ a risk management strategy to protect its assets and reputation. Without an effective risk management process the company will be vulnerable to various threats. It is Kudler Fine Foods responsibility to determine what mechanisms should be applied and how it will maintain a secure environment for its own business objectives as well as meeting required regulations. The risk management process is the primary method in facilitating security objectives.ReferencesWhitman,M.E., & Mattord, H. J. (2010). Management of information security(3rded.). Boston, MA Course Technology/Cengage Learning National Institute of Standards and Technology. (2002). Retrieved from http//csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pd

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.