Risk Assessment Case Study


A risk assessment is prepared to allow businesses to assess, identify and amend their security position. This enables security personnel to view the organization from an attacker’s viewpoint. The process helps companies gain management support for modifications to the security posture and to hardware and software devices, in order to gain protection from external threats (Gibson, 07/2014, p. 61). Risk acceptance should not be confused with risk arrogance. Risk acceptance should be an outcome of careful planning and attention to an assessment of the risk, and possible controls or other strategies for managing risk. Risk overconfidence or risk sightlessness arises when a company does not sufficiently evaluate and plan for risks.
…show more content…
• Identify how bad it could be if it happens.

b. Analyze
Organizations use two common methods to analyze risk:
• Qualitative risk analysis
  o Qualitative risk analysis uses a corresponding ranking to manage risk responses. This technique utilizes risk likelihood and risk impact. Risk possibility is significant since it measures how likely it is a risk will occur.
• Quantitative risk analysis
  o Quantitative risk analysis is the second risk-analysis method. It uses mathematical equations and figures to estimate risk severity. The purpose of quantitative risk analysis is to quantify potential consequences of risks, discover the events of outcomes, identify high-impact risks, and develop strategies based on risks (Kim, 07/2013, p. 132).

c. Prioritizing
Prioritize the risks in order of importance. When ranking risks remember to consider how soon it could transpire, the losses and costs if it does happen, and if this occurrence would affect day to day operations. The greatest risks are the ones that cause the most damage to life, structures, business, finance, or the environment. A person may not be able to prevent every risk they may face; however, they can be ready for
…show more content…
a. Threats allow organizations to identify anything that can go wrong
b. Vulnerabilities make a system more prone to an attack
c. Controls involve protecting vulnerabilities to make an attack unsuccessful

When managing a company's risk assessment plan, proper preparation and information handling can make all the difference in formulating a business continuity strategy. A proper risk analysis procedure can strengthen an organization's comprehensive business continuity plan.
• Identify the scope of the risk assessment
• Establish ties to earlier formed business impact analysis results
• Determine the level of detail to which you plan to conduct the risk assessment
• Identify internal and external sources
• Secure management approval
An IT system that is well configured and managed tends to be more secure. Selected team members should be trustworthy and should not use their knowledge of the company’s systems for criminal behavior. Risk appetite is the company's willingness to take certain types of risks with a potential of higher gain or
