wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Expressing and Measuring Risk (Risk Management)

profile
Bhakti Rathod
Aug 28, 2022
0 Likes
0 Discussions
114 Reads

What is Risk Management?

  • Risk management is the process of identifying, assessing and controlling financial, legal, strategic and security risks to an organization's capital and earnings.
  • Risks can come from various sources including uncertainty in international markets, threats from project failures (at any phase in design, development, production, or sustaining of life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.

What is Expressing And Measuring Risk?

Assets:

  • Assets in an organization are usually diverse. Because of this diversity, it is likely that some assets that have a known monetary value (hardware) can be valued in the local currency, whereas others of a more qualitative nature (data or information) may be assigned a numerical value based on the organization’s perception of their value.
  • This value is assessed in terms of the assets’ importance to the organization or their potential value in different business opportunities.
  • The legal and business requirements are also taken into account, as are the impacts to the asset itself and to the

Vulnerabilities:

  • Vulnerabilities can be related to the physical environment of the system, to the personnel, management, and administration procedures and security measures within the organization, to the business operations and service delivery, or to the hardware, software, or communications equipment and facilities.
  • Vulnerabilities are reduced by installed security measures.

Harm:

  • The consequences of the occurrence of a security incident are a function of the likely impact the incident will have on the organization as a result of the harm that the organization assets will sustain.
  • Harm, in turn, is a function of the value of the assets to the organization.

Impact:

  • Impact is related to the degree of success of the incident. Impact is considered to have either an immediate (operational) effect or a future (business) effect that includes financial and market consequences. An immediate (operational) impact is either direct or indirect
  • A direct impact may result because of the financial replacement value of a lost (part of) asset or the cost of acquisition, configuration, and installation of the new asset or backup, or the cost of suspended operations resulting from the incident until the service provided by the asset(s) is restored.
  • An indirect impact may result because financial resources needed to replace or repair an asset would have been used elsewhere (opportunity cost), or owing to the cost of interrupted operations or to potential misuse of information obtained through a security breach, or because of the violation of statutory or regulatory obligations or of ethical codes of conduct.

Threats:

  • Threats can be classified as deliberate or accidental.
  • The likelihood of deliberate threats depends on the motivation, knowledge, capacity, and resources available to possible attackers and the attractiveness of assets to sophisticated attacks.
  • On the other hand, the likelihood of accidental threats can be estimated using statistics and experience.

Risk:

  • Information security risk “is measured in terms of a comibination of the likelihood of an event and its consequence.”
  • Because we are interested in events related to information security, we define an information security event as “an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant
  • Risk R is defined as the product of likelihood L of a security incident occurring times impact I that will be incurred to the organization owing to the incident: that is, R= L x I

 

 

Comments ()

Sign in

Read Next

Direct memory access

Blog banner

Principles of Service Operation

Blog banner

Operating System

Blog banner

Virtual memory

Blog banner

DIGITAL ECONOMY

Blog banner

GOOGLE

Blog banner

“CONSISTENCY” in Social Media Marketing

Blog banner

Processing Crime and Incident Scenes

Blog banner

Answer

Blog banner

Information of meesho company

Blog banner

Why You Should Not Use Free VPNs

Blog banner

ARTICAL ON MANAGEMENT SYSTEM

Blog banner

File system implementation

Blog banner

Concept and definition of m-commerce

Blog banner

OS Assignment 3 Deadlock

Blog banner

"Can Lisp do Machine Learning?"

Blog banner

(Input/Output) in os

Blog banner

CoWIN

Blog banner

The New Classic: Indo Western Patola Outfits for Today’s Woman

Blog banner

Study of Backdoor and Trojan tools

Blog banner

A Tourist’s Guide To Florida’s Rodeo Culture: What To Expect At The Arcadia Championship Rodeo

Blog banner

File management -disha parekh

Blog banner

Deadlock

Blog banner

LEMON PICKLE (NIMBU KA ACHAR)

Blog banner

Tiranga - Abbas Haveliwala

Blog banner

Hey Aryan here

Blog banner

TECHNOLOGY : BOON OR CURSE ?

Blog banner

Sage

Blog banner

The Peephole

Blog banner

Expert System In AI

Blog banner

OS ASSIGNMENT

Blog banner

Partnership in Learning: How Parent Involvement Shapes a Child’s Early Education

Blog banner

Ethical Hacking

Blog banner

Digital Balance: Keeping Children Mindful in the Screen Age

Blog banner

Supervised and unsupervised learning

Blog banner

FRIENDSHIP

Blog banner

Security Issues and Countermeasures

Blog banner

Multiprocessor and Multicore Organization

Blog banner

Does School Infrastructure Really Matter For Learning?

Blog banner

PODIO

Blog banner

Different Types of Data

Blog banner

Chicken Dum Biryani

Blog banner