Risk Management Systems

Topics: Risk management, Security, Risk | Pages: 4 (906 words) | Published: February 9, 2014
In designing security for an information management system, risk management has to be implemented. It consists of the following steps:
  • Risk identification
  • Risk assessment
  • Development of risk control strategies

Risk Identification
The first step in the process of managing risk is to identify potential risks. Risks are events that, when they occur in an information management system, can cause problems. Hence risk identification starts with the source of problems. There are various means through which an organization can identify risks: source analysis, which identifies internal and external risks, and problem analysis, which identifies risks related to threats. Common risk identification methods that fall under these categories are:
  • Objectives-based risk identification: events that endanger achieving an objective are identified as risks.
  • Scenario-based risk identification: different scenarios are created, and events which trigger unidentified scenarios are classified as risks.
  • Taxonomy-based risk identification: a breakdown of possible risk sources.
  • Common risk checking: a list of known risks is created.

Risk Assessment
Once risks are identified, they must be assessed on severity and probability of occurrence. Sometimes these are easy to measure and sometimes difficult, so to increase the effectiveness of the plan, the best possible guesses have to be made. The most difficult part of risk assessment is determining the rate of occurrence, since limited statistical information is available on past incidents. There are several risk formulae; the most widely used one is:

Risk = Rate of occurrence * Impact of the event

Development of Risk Control Strategies
Once risk has been identified and the impact assessed, appropriate risk control strategies can be developed. These strategies ensure that risk gets contained in the organization environment and no major impact occurs. The goal of recommended control is to reduce the level of risk to...
