
Information System Risk Management - Report Example

Summary
This report "Information System Risk Management" presents an information system that is not an exception to this rule and requires preemptive measures in order to ensure smooth working and avoid any damages. The damages can have a grave impact on the entire idea and project…

Extract of sample "Information System Risk Management"

Everything in this universe, from small entities to large ones, is vulnerable to mishaps and unforeseen situations, and therefore needs arrangements of its own kind to avoid losses and damages in turbulent situations. The damages can take various forms and can have a grave impact on the entire idea and project. An information system is not an exception to this rule and requires preemptive measures in order to ensure smooth working and avoid any damages. A separate discipline exists in this regard that provides specialization for emergency situations. The field can be termed the emergency management discipline or risk management discipline, and it can be defined as the field that looks into those sectors of an entity that are vulnerable to external factors and can have a negative impact on the organization, the life of a project, or individuals. Risk management has prevailed over the last few decades as an essential component of any organization and task; awareness has been created in this regard and its need has been realized. A common saying about the management of unforeseen situations is “a stitch in time saves nine” (McDaniels & Small, 2004). This phrase applies aptly to the field of risk management: a little effort made in time can save the large effort needed for rescue and survival later.

An information system is a setup consisting of various components, which include hardware, software, and a group of personnel specialized in the field of information and technology, facilitating the basic components of a management project, namely planning, controlling, leading, and staffing (Stair, Reynolds, 2009). The hardware can be in the form of switches, routers, computers and other connecting devices. The software can be databases, manual-function software, and simulation software.
Information security is a related term, associated with the proper working of an organization or project by mitigating all the challenges and threats it faces, in the form of risk management. It is the effort of ensuring that no malware or malicious act hampers the project mission and work (Rainer & Cegielski, 2009).

Need for risk management in the field of information systems: An information system constitutes a large enterprise and has many things at stake in it. The system encompasses not only the individuals and the company itself but also many other firms with it; therefore a small negligence can have serious consequences for the entire scenario. For this reason management and risk evaluation are very important. Risk management allows top management to assess the economic costs and evaluate the entire needs of the project. The first step towards risk management is understanding the threat. A common management statement tells us that the first step to solving a problem is defining and identifying the problem. The same goes for risk management in the field of information systems: the aim should be to identify the problem. This is followed by the management and action policy, and the final part constitutes the practical action.

Risk element identification: The most important part of any effort is identifying its applications and the need. In the case of an information system, assessment allows identification of those components and entities that can be a weak link in the entire product and family. This step requires the establishment of a proper team which acts on the need and identifies and then eliminates all those factors which could create any disturbance in the performance of the system. Based on the studies and analysis, proper recommendations are provided and actions are taken. The risk identification team plays an important role in the entire scenario and provides the foundation for secure working in future.
Any lapses at this stage, or by the team assigned to this task, can have a serious impact on further proceedings and can result in loopholes in the system and hence risk to the entire setup.

Risk in terms of information system: Just like any other field, the information system field is equally prone to risks and emergency situations. An information system often gets confronted with a number of unforeseen situations. Mitigating the risk requires applying the right kind of strategy and the right choice of tool and technique. The risks include system failure in the form of components going down (the components may be hardware or software); other risks might include security breach, loss of important personnel for various reasons, stoppage of funds, contract disputes, and other natural hurdles. Threats from the human side are an important part of it, and they can be either intentional or unintentional. Unintentional risks from the human end could be loss of data, error in reporting, inability at a point, or any other cause that is not deliberate. Risk can also take the form of a break in a link, since most activities are performed through internet connections and servers. Any drop in the network or any hardware failure can result in the entire system going down, hence this also serves as a threat in this regard (Wu, 2010).

Components of risk: Risk can have different faces: it can be either a threat itself or a source of threat. Depending on the scale of threat and danger, it can have different repercussions on the information system in place. Some risks might be of a large scale that can damage the entire structure of the organization and system, while others might only damage a section or cause a hurdle at a particular point. Whether small or large, all must be dealt with equal care and importance, since each stands in the way of progress.
Likelihood relationship concept:

| | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Low | Limited impact on organization | Limited impact | Limited impact |
| Moderate | Relatively serious impact | Relatively serious impact | Relatively serious impact |
| High | Grave consequences | Grave consequences | Grave consequences |

The likelihood relationship provides the probability in terms of high, low and moderate scales.

Internal risks: The internal risks can come from the hardware, the personnel involved, the software implemented, and the assets' stability factor; data loss from internal sources and employees also serves as an internal risk.

External risks: External risks can include malware attacks on the system and software. In modern times, viruses on an internal scale, and Trojans and other malicious software, play a part as an external threat, and their elimination is vital. The smooth running of corporation with external organizations also serves as an external threat. Similarly, natural disasters, which are not in human control, fall in this category and can have a negative impact on the system, the stability of government and the situation (Kouns & Minoli, 2011).

Identifying vulnerabilities: Various vulnerability measurement schemes and analyses can be applied in this regard. The section dealing with vulnerability criteria contains various tools, techniques and tests for evaluating the risk to the organization. In brief, this includes the following:

  • Vulnerability scanners: various software can be installed for this purpose, screening out the data and material which can cause any damage to the enterprise.
  • Penetration testing: this is a pilot test of the security layer, and the activities performed in this stage mostly include the monitoring of the operational tasks.
  • Operational audit: this kind of testing looks into the practical implementation and the documented rules that are available and stated as the standard operating procedures.
All these activities help identify vulnerabilities and enable those responsible to address all the areas which can cause any problem (Antón, 2003).

Risk management handlers: The risk management task is part of the organization and requires input from the entire unit. Each member of the team has the responsibility of ensuring risk-free work and identifying all those areas that can create any problem, and should then inform the concerned authorities.

Threat vulnerability (T-V) relationship: A concept exists in the risk management field that correlates threat and vulnerability. It is a cause-and-effect case in which there is an action-to-planning phenomenon between the two, which are vital to each other and to mitigating the risks faced by an information system (Park, Zhan, & Lee, 2009).

Qualitative vs. quantitative assessment: The qualitative assessment tool helps in prioritization and allows targeting of those areas that are relatively more prone to threats and require effort on an urgent scale. The quantitative assessment, on the other hand, provides the degree of measure of the threat faced by the system in a certain proportionate value. It provides a fixed numerical value.

For any information-related organization, to ensure success and smooth sailing, risk management should be made part of its agenda and project policies. Proper guidance and training should be provided in this regard in order to create awareness about this field and its importance. Over the last few years this field has been encouraged on many multinational platforms. However, the need is to implement risk management schemes at the grassroots level in order to bring about relevant stability, improve the working of organizations, and ultimately win back the trust of customers.

Backup: Backup of the data and other valuables is always an option in mitigating the risk, since the bulk of an information system's activities is associated with online handling.
Hardware or software failure can always occur. For this purpose a multi-tier structure must be developed where backups are available, so that even if a single element goes down, the backup in the next tier is available to ensure continued transmission.

Bibliography:

McDaniels, T., & Small, M. J. (2004). Risk Analysis and Society: An Interdisciplinary Characterization of the Field. UK: Cambridge University Press. p. 188.

Stair, R. M., Reynolds, G., & Reynolds, G. W. (2009). Principles of Information Systems. US: Cengage Learning.

Rainer, R. K., & Cegielski, C. G. (2009). Introduction to Information Systems: Enabling and Transforming Business. US: John Wiley and Sons.

Wu, D. D. (2010). Modeling Risk Management in Sustainable Construction. US: Springer.

Kouns, J., & Minoli, D. (2011). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. US: John Wiley & Sons.

Antón, P. S. (2003). Finding and fixing vulnerabilities in information systems: the vulnerability assessment & mitigation methodology. US: Rand Corporation.

Park, J. H., Zhan, J., & Lee, C. (2009). Advances in Information Security and Its Application: Third International Conference, ISA 2009. Seoul: Springer. p. 126.