Risk Management Strategies

Introduction

The purpose of risk management is to protect an organization’s valuable assets: information, hardware, and software. The purpose of the risk management process is to identify and manage risks in such a way that a company is able to meet its strategic and financial targets. Risk management is a continuous process in which the major risks are identified, listed and assessed, the key persons in charge of risk management are appointed, and risks are prioritized according to an assessment scale in order to compare the effects and mutual significance of risks. It is very important that organizations and businesses be well prepared to see what kind of risk they are facing; otherwise the business can suffer in case of a major disaster.

1.1 Purpose

This report aims to explain how risk control is achieved through strategies and through security management of information.

1.2 Objectives

Describe how information assets are identified as exposed to risk, and how risk is identified and evaluated. The objectives are to put control measures in place to reduce specific vulnerabilities. Defining control objectives is the first step in deriving the corresponding control requirements to mitigate the risk associated with the vulnerability.

1.3 Definitions, Acronyms, and Abbreviations

"Risk management is the part of analysis phase that identifies vulnerabilities in an organization's information system and take carefully reasoned steps to assure the confidentiality, integrity, and availability of all components in the organization's information system" (Management of Information Security - second Ed, Michael E. Whitman and Herbert J. Mattord)

Risk is the potential loss resulting from the balance of threat, vulnerabilities, countermeasures, and value.

... ... middle of paper ... ...ity 4th ed. - M. Whitman - Cengage page 158)

2.1 General Categories of Control

There are three categories of control: policies, programs and technical controls.

Controls can be classified as:
• Directive
• Preventive
• Detective
• Reactive

2.2 Risk Control Strategies

Avoidance means eliminating or reducing the remaining uncontrolled risks for the vulnerability; it attempts to prevent the exploitation of the vulnerability.

Transference attempts to shift the risk to other assets, other processes, or other organizations.

Mitigation aims to reduce, by means of planning and preparation, the damage caused by the exploitation of a vulnerability; that is, it aims to reduce the impact. Mitigation depends upon the ability to detect and respond to an attack as quickly as possible.

Acceptance implies understanding the consequences and accepting the risk without control or mitigation.
