
Risk analysis

Author: Janet Peter
Posted: Mar 20, 2019

Introduction

Risk analysis is a vital element in addressing information security and infrastructure protection. Organizations need a plan that ensures an effective response to any prevalent risk that might threaten their infrastructure and information. Risks are normally uncertain events or conditions that, when they occur, set back the objectives of a project (Akintoye & MacLeod, 1997). If companies or individuals are to curb the likelihood of information systems insecurity arising from problems with identity management, there should be a plan in hand to take care of that (Heinz-Peter, 2010). A formal written plan helps the entire company respond efficiently and speedily to risks and minimize the damage caused to business assets, including data.

Objectives and goals of performing a risk analysis on information and infrastructure protection

Typically, a qualitative risk analysis identifies the risks whose occurrence is so likely, or whose consequences are so serious, that they warrant further quantitative analysis. The key purpose of risk analysis is to combine the effects of the different identified risk events and to find ways of mitigating them, and of preventing them where possible. Another purpose is to determine the cost and to quantify the individual impacts of the high-risk events. The overall effect of risk analysis is not only to compute numerical risk values but also to offer a basis for determining the effectiveness of risk management and allocation strategies (Birch & McEvoy, 1992). A further goal is to provide reasons that justify decisions on infrastructure and information protection expenditure.

Target audience for risk analysis

The target audience for the risk analysis is management, since they are the ones who give the go-ahead for any project. They are also the ones who finance the projects, which is why risk analysis targets them. Another audience is third parties, who may be the financiers or insurers of the company's assets. Risk analysis helps them decide the premiums to charge the business or organization in question before they enter into any contract with it. The risk analysis document, in this case, is useful in defending any decision taken by any of the involved parties (Inforsectoday.com, 2010).

Steps necessary for performing a risk analysis

  1. Risk identification: Find out the existing as well as the possible risks that the organization might face. That can entail consulting the members of the organization and event planning services.
  2. Risk assessment: Work out both the likelihood that the threats identified in step 1 will occur and their possible impact. Decide what each threat might damage or destroy if it occurs.
  3. Identification of the methods to manage risks: Evaluate the risks arising from the threats to decide whether the existing precautions are adequate or whether more are required. Put a contingency plan in place to minimize the effect of a risk if it materializes.
  4. Implementation: Record the findings. In this step, also state how the threats should be controlled in order to prevent them.
  5. Management and evaluation: These allow the organization to determine the significance of the risks to the safety of its infrastructure and information. That helps the company decide whether to accept those risks or to take action to prevent or minimize them. The measures the organization takes should be the most cost-effective ones.

Types of securities to include in the risk analysis for recommendation purposes

There should be physical security mechanisms, such as proper storage of the organizational assets. That minimizes their exposure to risks that might lead to damage or destruction of those assets. An electronic security system is another necessary type of security, so that security threats are identified automatically and an alarm is raised calling for a response. There should also be security personnel in place to identify security threats and either address them or report them to the relevant authority.

How to mitigate a security threat and address it accordingly?

Given a particular risk, there are five ways to alleviate it: avoidance, reduction, spreading, transfer and acceptance of the risk (Madrid.org, n.d). Most security programs have the goal of reducing the risk by trying a less risky option. That entails finding an alternative route that evades the threat, so that the company's infrastructure and information are secure from that particular threat. Another way is to prevent access to the identified hazards. Identifying risks helps the organization understand their characteristics so as to prevent their occurrence in the future. It entails putting mechanisms in place to track and block the occurrence of those risks. In the case of information security threats such as viruses or worms, use antivirus software to mitigate them.

Risk mitigation involves decreasing the threat level by eliminating or intercepting the adversary before they attack and by blocking the opportunities for the threats (Threat Analysis Group, 2014). It also entails reducing the consequences of the threats in case an attack should occur. The best strategy to address and mitigate security threats is a combination of the three approaches, that is, reducing the threats, blocking their opportunities and reducing their consequences. A sound strategy for mitigating security threats is one that maximizes the existing security resources. It should prioritize the company's security policies first, then systems and lastly personnel. It should not overstretch the available resources, because that might be too expensive when cheaper alternative methods exist.

Conclusion

Risk analysis is vital for any organization for the safety of its infrastructure and information. Threats to information and infrastructure security always come without warning. For this reason, companies should analyze the likelihood of the risks that threaten the safety of their assets and have concrete plans for addressing them. That lets organizations plan for those risks rather than face a dilemma about how to proceed in the event of an emergency. A properly documented risk analysis plan will defend any action taken by the company's security response team in the case of a disaster (Ho & Pike, 1992). The plans for addressing the security risks need to be clear, and they should be entirely applicable when needed.

References

Akintoye, A. & MacLeod, M. (1997). Risk analysis and management in construction. International journal of project management, 15(1): 31-38.

Birch, D. & McEvoy, M. (1992) 'Risk analysis for information systems.' Journal of Information Technology, 7 (1) 44-53

Heinz-Peter, B. (2010). Risk management: Procedures, methods and experiences. RT @ A journal, 1(17).

Ho, S. & Pike, R. (1992) 'The use of risk analysis techniques in capital investment appraisal' in Risk Analysis Assessment and Management (Eds), John Wiley and Sons, NY pp. 71-94

Inforsectoday.com (2010). Introduction to risk analysis.

Madrid.org (n.d). Risk analysis and quantification.

Threat Analysis Group (2014). Risk mitigation.

Carolyn Morgan is the author of this paper, a senior editor at Melda Research in nursing writing services. If you need a similar paper, you can place your order for a custom research paper from medicine essay writing.

About the Author

Janet Peter is the Managing Director of a globally competitive essay writing company.
