Risk assessment involves determining the exposure of organizational operations towards threats which may interfere with normal functions and missions of the organization through information systems. Risk assessment process consists of a measure of well-functioning of the IT system in the likelihood of risk occurrence that can cause adverse effects. Risk assessment involves qualitative and quantitative approaches identifying the various risk factors threatening IT system of the organization.
Say no to plagiarism.
Get a tailor-made essay on
'Analysis of The Fundamentals Behind Risk Assessment'
It identifies threats and the various loopholes that may be used in penetration of organization’s data systems by unauthorized entrants. Such include the time domain, target domain, resource domain and attack method domain by the attacker. Identification of existing vulnerabilities/weaknesses like lack of effective strategies of risk management, poor communication of the intra-agency, misalignment of organization architecture and poor architectural decisions (National Institute of Standards and Technology – NIST, 2012).
Designing a response plan is important for protecting compromising organization’s IT system. It involves identification, evaluation, and decision on the most appropriate course of action to be taken in mitigating risk adverse effects. They require a combination of Tier 1, Tier 2 and Tier 3 activities like risk avoidance, risk management through data safety and sharing risk information with potential risk controllers (NIST, 2011).
The information security uses a top-down approach because there is consideration of various aspects like access rights to information. Normally, the culture of rights and powers in the organization follow the same pattern of top-bottom. Owing to this, the mandates and responsibilities of seniors are greater at the top of the hierarchy as compared to the bottom of the ladder. The necessity of having high trust with organizational information is at the top level rather than junior staff. Therefore, the authority to give directives and retain trust is more concentrated with higher impact at the top which translates to more effectiveness in using the top-bottom compared with a bottom-top approach.
The senior management impacts risk assessment and response plans through the provision of guidance on the appropriate decisions to be taken in risk management. The process involves various stages of detecting risks by identifying the weaknesses in the organizational information system. Senior management provides both tactical measures in responding to risks like the application of patches in identifying vulnerabilities and strategic measures of addressing threats. The management is responsible for identifying organizational elements that are responsible for responding to risks and measures to be taken. They offer a timeline for implementing measures towards and risk response as well as identifying the risk monitoring triggers (NIST, 2011). Management governs through monitoring the compliance of risk control measures, ensuring the effectiveness of the established measures and monitoring of any changes that may be necessary to implement.
Keep in mind:
This is only a sample.
Get a custom paper now from our expert writers.
Designing an IT implementation plans greatly requires support of senior management. There is lack of consensus in arriving at the conclusion and decisions on the way forward. Considering that maximum effectiveness is achieved through collaborative planning and implementation of the agreed plans, this fails to reflect due to the presence of leadership gap between the IT staff and the senior managers (NIST, 2012. Lack of leadership and their support causes managers to fail to realize the various challenges facing the IT staff and therefore substantial financial or human resources are not availed to make the necessary impact on risk management.
