Analysis of the Fundamentals behind Risk Assessment


This essay has been submitted by a student. This is not an example of the work written by professional essay writers.


Risk assessment process

Risk assessment involves determining how exposed an organization's operations are to threats that, through its information systems, may interfere with its normal functions and missions. The risk assessment process measures how well the IT system functions given the likelihood of risks occurring that can cause adverse effects. It uses qualitative and quantitative approaches to identify the various risk factors threatening the organization's IT system. It identifies threats and the various loopholes that unauthorized entrants may use to penetrate the organization's data systems. These include the attacker's time domain, target domain, resource domain and attack method domain. It also identifies existing vulnerabilities and weaknesses, such as a lack of effective risk management strategies, poor intra-agency communication, misalignment of the organization's architecture and poor architectural decisions (National Institute of Standards and Technology – NIST, 2012). Designing a response plan is important for protecting the organization's IT system from compromise. It involves identifying, evaluating and deciding on the most appropriate course of action for mitigating the adverse effects of risk. Response plans require a combination of Tier 1, Tier 2 and Tier 3 activities such as risk avoidance, risk management through data safety and sharing risk information with potential risk controllers (NIST, 2011).

Information security uses a top-down approach because it takes into account aspects such as access rights to information. Normally, the culture of rights and powers in an organization follows the same top-down pattern. Because of this, the mandates and responsibilities of senior staff at the top of the hierarchy are greater than those at the bottom of the ladder. The need for a high level of trust with organizational information lies at the top level rather than with junior staff. Therefore, the authority to give directives and retain trust is more concentrated, and has higher impact, at the top, which makes a top-down approach more effective than a bottom-up one.

Senior management influences risk assessment and response plans by providing guidance on the appropriate decisions to be taken in risk management. The process involves various stages of detecting risks by identifying the weaknesses in the organizational information system. Senior management provides both tactical measures for responding to risks, such as applying patches for identified vulnerabilities, and strategic measures for addressing threats. Management is responsible for identifying the organizational elements that are responsible for responding to risks and the measures to be taken. It sets a timeline for implementing measures towards risk response and identifies the risk monitoring triggers (NIST, 2011). Management governs by monitoring compliance with risk control measures, ensuring the effectiveness of the established measures and monitoring any changes that may be necessary to implement.

Designing an IT implementation plan greatly requires the support of senior management. Where that support is missing, there is a lack of consensus in reaching conclusions and decisions on the way forward. Maximum effectiveness is achieved through collaborative planning and implementation of the agreed plans, but this is not realized when there is a leadership gap between the IT staff and the senior managers (NIST, 2012). A lack of leadership and support means managers fail to recognize the various challenges facing the IT staff, and so substantial financial or human resources are not made available to make the necessary impact on risk management.


Cite this Essay


GradesFixer. (2019, March 12). Analysis of the Fundamentals behind Risk Assessment. Retrieved April 1, 2020, from
