Risk Assessment: Mcbride Financial Services

McBride Financial Services is a virtual organization at University of Phoenix that provides mortgage services for its members. McBride has as its stated goal to be a "preeminent provider of low cost mortgage services using state-of-the-art technology in the five state areas of Idaho, Montana, Wyoming, North Dakota, South Dakota." McBride provides serves for three primary groups of mortgage seekers: professionals purchasing a primary or secondary residence, retirees purchasing a primary or secondary residence, and families and/or individuals purchasing recreational properties.
The goal of the company is to provide mortgage services at a fixed low rate of $1500 to approved applicants. In order to be able to optimally provide these services, it is necessary to calculate the organization risks and develop a plan to mitigate the risks. The risk assessment will identify the approaches to be implemented for elimination of avoidable risks and the minimization of the risks that are unavoidable. The discussions following will limit the risk assessment to IT related issues: security, auditing and disaster recovery.
Risk assessment is determining two quantities of the risk, the magnitude of the potential loss and the probability that the loss will occur. Risk assessment then is a step in the risk management process, http://en.wikipedia.org/wiki/Risk_Assessment. An organization has to have policies in place to identify and manage risks. Oldfield and Santomero (n.d.) developed the following guidelines to successfully implement the risk management policy set up by the business:
• It has to be integral to the firm 's business plan.
• It has to define a measure of risks in each business consistently across the firm.
• Initiate procedures for risk managing at the point nearest to the assumption of risk.
• Develop databases and measurement systems in accord with business practices.
• Install comprehensive risk management system to evaluate individual, business, and firm level

References: Dean, T. (2002). "Network+ Guide to Networks, 2nd Ed" Thompson Course Technology Dubie, D. (2006). "Managing risk: new reality for IT security executives" Network World. http://www.iwar.org.uk/comsec/resources/sa-tools. https://ecampus.phoenix.edu/secure/aapd/CIST/VOP/Business/McBride/IT/McBrideITWeb001.htm Mackie, A. (2000). "Information Protection Centers – An Organizational Approach to Security." SecurityFocus.com [www.securityfocus.com/infocus/1451] Oldfield, G. S., and Santomero, A. M. (n.d) The Place of Risk Management in Financial Institutions http://www.gloriamundi.org/picsresources/goas.pdf Rodney G. (2005) "Hacker Mitnick preaches social engineering awareness," Computerworld Today (Australia) July 22. Sharick, P. (2002). Techniques for Establishing Highly Secure Systems, Windows IT Security, June 2002 Edition. Stoneburner, G., Goguen, A., and Feringa, A. (2002). "Risk Management Guide for Information Technology Systems." NIST. Van der Walt, Charl. (2002). "Assessing Internet Security Risk, Part 1: What is Risk Assessment?" SecurityFocus.com [www.securityfocus.com/infocus/1263] c