wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Expressing and Measuring Risk (Risk Management)

profile
Bhakti Rathod
Aug 28, 2022
0 Likes
0 Discussions
114 Reads

What is Risk Management?

  • Risk management is the process of identifying, assessing and controlling financial, legal, strategic and security risks to an organization's capital and earnings.
  • Risks can come from various sources including uncertainty in international markets, threats from project failures (at any phase in design, development, production, or sustaining of life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.

What is Expressing And Measuring Risk?

Assets:

  • Assets in an organization are usually diverse. Because of this diversity, it is likely that some assets that have a known monetary value (hardware) can be valued in the local currency, whereas others of a more qualitative nature (data or information) may be assigned a numerical value based on the organization’s perception of their value.
  • This value is assessed in terms of the assets’ importance to the organization or their potential value in different business opportunities.
  • The legal and business requirements are also taken into account, as are the impacts to the asset itself and to the

Vulnerabilities:

  • Vulnerabilities can be related to the physical environment of the system, to the personnel, management, and administration procedures and security measures within the organization, to the business operations and service delivery, or to the hardware, software, or communications equipment and facilities.
  • Vulnerabilities are reduced by installed security measures.

Harm:

  • The consequences of the occurrence of a security incident are a function of the likely impact the incident will have on the organization as a result of the harm that the organization assets will sustain.
  • Harm, in turn, is a function of the value of the assets to the organization.

Impact:

  • Impact is related to the degree of success of the incident. Impact is considered to have either an immediate (operational) effect or a future (business) effect that includes financial and market consequences. An immediate (operational) impact is either direct or indirect
  • A direct impact may result because of the financial replacement value of a lost (part of) asset or the cost of acquisition, configuration, and installation of the new asset or backup, or the cost of suspended operations resulting from the incident until the service provided by the asset(s) is restored.
  • An indirect impact may result because financial resources needed to replace or repair an asset would have been used elsewhere (opportunity cost), or owing to the cost of interrupted operations or to potential misuse of information obtained through a security breach, or because of the violation of statutory or regulatory obligations or of ethical codes of conduct.

Threats:

  • Threats can be classified as deliberate or accidental.
  • The likelihood of deliberate threats depends on the motivation, knowledge, capacity, and resources available to possible attackers and the attractiveness of assets to sophisticated attacks.
  • On the other hand, the likelihood of accidental threats can be estimated using statistics and experience.

Risk:

  • Information security risk “is measured in terms of a comibination of the likelihood of an event and its consequence.”
  • Because we are interested in events related to information security, we define an information security event as “an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant
  • Risk R is defined as the product of likelihood L of a security incident occurring times impact I that will be incurred to the organization owing to the incident: that is, R= L x I

 

 


Comments ()


Sign in

Read Next

SQL Injection

Blog banner

Deadlock and Starvation

Blog banner

Pilgrimage at LOC: A privilege and a paradox

Blog banner

Beauty of indian railway

Blog banner

Why Soft Skills Matter as Much as Grades?

Blog banner

IT Service Continuity Management

Blog banner

EVOLUTION OF MICROPROCESSOR

Blog banner

Analysis of Digital Evidence In Identity Theft Investigations

Blog banner

Global versus Indian Mental Health Differences

Blog banner

MQTT (MQ Telemetry Transport) in Data Science

Blog banner

Disk scheduling

Blog banner

Koinex is shutting down and here is how you can withdraw...

Blog banner

Memory

Blog banner

Smart Eating Habits for Office Professionals to Stay Healthy

Blog banner

Facebook marketing

Blog banner

Virtualisation

Blog banner

Evolution of Operating Systems

Blog banner

Rain

Blog banner

How covid-19 impacted Social media ad spend forecast globally

Blog banner

Race Condition

Blog banner

THE INPACT OF SOCIAL MEDIA!

Blog banner

How Preschool Annual Day Shapes Confidence, Emotions, and Growth

Blog banner

Zoho

Blog banner

Man In The Middle Attack

Blog banner

What is semaphore in operating system?

Blog banner

Security issues in Sensor Networks and gathering admissible evidence in Network Forensics

Blog banner

Guidelines for a low sodium diet.

Blog banner

GUIDE TO GIS

Blog banner

Social Media Marketing Trends 2022

Blog banner

Operating system

Blog banner

DMZ: Your Secret Weapon for Data Security

Blog banner

It's all about our Brain.- The Brain Metaphor

Blog banner

The Role of Summer Camps in Early Childhood Development

Blog banner

Paginng In OS

Blog banner

IOT- Internet Of Things

Blog banner

DATA VAULT

Blog banner

Why Summer Break Is Important for Emotional and Cognitive Growth?

Blog banner

Mesh Topology

Blog banner

Procedure For Corporate High-Tech Investigations

Blog banner

Operating system

Blog banner

OPERATING SYSTEM

Blog banner

Direct Memory Access

Blog banner