Risk Assessment Report



Summary

The risks of IT services are linked to business operations, and mitigating these risks is critically significant in IT and corporate management. To determine the likelihood of threats to a computer system, it is important to analyze its vulnerabilities and the existing controls that relate to them. The assessment of IT risk consists of different levels, which are described in this report. This report explains the assessment of risk associated with computer hardware and software; the OCTAVE approach is used for this assessment. The OCTAVE approach is contextual.

Introduction

Risk Assessment Approach

Step 1: An Assessment of Assets

Step 2: Vulnerability of Assets

Step 3: Probability and Severity of Damage

Conclusion

References

Risk Assessment: The Case of the Becoming Company

Introduction

The task of writing a report was assigned by the teacher. The teacher has given the assignment to conduct a risk assessment of the case of The Becoming Company for the purpose of risk management, which is the process of risk identification, risk assessment and action to reduce the risk to an acceptable level. Managing risk is one of the most important steps in achieving governance and management. The information required for the risk assessment was provided by The Becoming Company. Research on the topic has shown that the risks of operating IT services are directly related to business operations, and mitigating these risks is critical in corporate management and IT. Managing IT risk and information security means recognizing vulnerabilities and environmental threats, evaluating them, and proposing controls (solutions and tools) to mitigate risks to acceptable levels (Tohidi, 2011).

The risk assessment of IT and information security is based on the elaboration of a structured risk matrix, which identifies the main items that compose the environment being evaluated and clearly specifies their vulnerabilities and threats. Moreover, the matrix records the impact of threats exploiting these vulnerabilities and the likelihood of this occurring. The risk is then the result of the function Probability x Impact, and is estimated both quantitatively (numerical estimation) and qualitatively (conceptual estimate). With the risk matrix in hand, it is possible to specify the actions required to mitigate the risk, following the quantitative prioritization.

Risk Assessment Approach

Several different vulnerability assessment tools are used to scan a group of computers or a network for known vulnerable services (e.g. a high number of administrators for a given server). Importantly, these tools analyze the vulnerability pure and simple, because they have no way of knowing whether that potential vulnerability is crucial to the operation of a particular system.

Security assessment and testing is a technique that can be used to identify vulnerabilities in information technology systems during the process of risk analysis and assessment. It includes the development and execution of test plans. The purpose of testing security systems is to verify the effectiveness of security controls, considering the way they are implemented in the operating environment (Spears & Barki, 2010).

The objective of risk management is to enable the organization to carry out its tasks, ...