A technical risk assessment procedure follows a framework that lets an organization handle a wide range of complex processes and projects, so that the risks arising in every project are assessed and handled feasibly. In this case, a small-scale IT company has implemented a technological environment and has hired a consultant to conduct a technical risk analysis. A management report is needed that gives a clear statement of the technology project to be assessed and an overview of the recommendations to management on which the merit of the project is based for the risk assessment procedure. The entire risk assessment is based on the assets, vulnerabilities, threats and consequences derived from the IT control framework. The industry risk recommendations for the project are also specified, along with the key threats and the process to mitigate them. The impact that this mitigation process would have on the organization is described, together with a brief summary of the protection mechanisms that would be employed within the organization based on people, culture and technology. Finally, any further analysis of gaps, and the reason for carrying it out, is explained in the risk assessment report.
The organization on which the risk assessment is to be completed is a small-scale software organization. It works mostly on innovative software, which it plans to sell or provide as services to customers in the near future. The organization stores its code and documentation on specific servers that are accessible via the Internet. All the documentation and code stored on these servers is also public in nature. Even though the organization is a small-scale software company, it has a considerable investment in this data, which is developed mainly for corporate purposes. Needless to say, the integrity and confidentiality of the data is therefore extremely important. A number of staff are responsible for managing the server infrastructure, although many people across the organization know the administrative passwords. This is only because the business currently lacks a full-time administrator, so people know the administration password to make sure that anybody can work as a part-time administrator when needed. Administration of the services and systems is a key role of several developers, but they have limited skill in administration. Right now the employees enjoy free and unrestricted access to the Internet, but realistically they only need to browse certain websites, and the management is therefore keen on implementing a system that would minimize the cost of accessing web resources.
Every business faces threats to a greater or lesser degree while conducting its business processes. Proper risk management should therefore be part of the strategic management system, to identify and address all the risks that the business currently faces so that it is more likely to achieve its business objectives in the most feasible way. Otherwise there are many ways in which these risks can destroy the operations of a business. The risk management process normally involves methodically identifying the risks surrounding the business activities, assessing the priority and likelihood of each risk and its impact on business events, understanding how to mitigate the risks and respond to the events, putting systems in place for dealing with the consequences, and monitoring the effectiveness of the risk management approaches and controls.
This makes the risk management procedure easier to carry out, and it also improves business decision making, prioritization and planning, along with more efficient allocation of capital and resources.
There are several types of IT-related risk that a business can face. They can be strategic, compliance, financial or operational. Risks can also be environmental, employee-related, political and economic, or health and safety related. However, since this organization is a small-scale software organization, it is assumed that the risks most likely to occur in this case concern its operational systems and information technology systems.
According to the information about the organization, it is working on an innovative software system and plans to sell it to customers in the near future. For this, the organization stores its documentation and code on server systems, and temporary staff are managing that code and documentation, which are publicly accessible via the Internet. There are other problems as well within the organization which are handled by the following departments in the organization:
The organization also uses servers to perform its core business, and they form its infrastructure, which can be described in detail. The servers are not very busy. In total there are six servers: a CIFS (Windows File Sharing) Server (running on a Windows NT server), a Windows Active Directory Server (running on a Windows NT server), an Apache Web Server (running on a Mac OS X machine), a Development Server (typically accessed using telnet and ftp, running on Linux), an Exchange Server (running on a Windows NT Server) and an Oracle Server (running on a Solaris – Sun machine). Each of these servers is an independent machine with a vanilla install of the operating system. The servers are not running the latest operating systems, nor have they been patched. These machines have publicly accessible addresses and hence can be accessed from the Internet.
The servers are commodity x86 boxes or servers that have been acquired through various means; for example, the Sparc Station was purchased from eBay by some employees who wanted to learn Solaris, and the Mac, well, it was purchased because there is a Mac head in the organization who really loves Macs.
There is no maintenance on either the hardware or software. Some of the servers are over five years old e.g. the Sparc Station.
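The inventory above can be turned into a simple likelihood × impact risk register. The following is an added example, not part of the original report: the host attributes come from the description above, while the 1-5 impact weights and the likelihood rule are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class Server:
    role: str
    platform: str
    cleartext_admin: bool = False  # reached over telnet/ftp per the report
    over_five_years: bool = False  # hardware age stated in the report

# Inventory transcribed from the report. All six hosts are described as
# unpatched, unmaintained and reachable from the Internet.
SERVERS = [
    Server("CIFS file sharing", "Windows NT"),
    Server("Active Directory", "Windows NT"),
    Server("Apache web", "Mac OS X"),
    Server("Development", "Linux", cleartext_admin=True),
    Server("Exchange", "Windows NT"),
    Server("Oracle", "Solaris (Sparc)", over_five_years=True),
]

# ASSUMPTION: 1-5 business impact per role, chosen for illustration only.
IMPACT = {"Development": 5, "Oracle": 5, "Active Directory": 5,
          "CIFS file sharing": 4, "Exchange": 4, "Apache web": 3}

def vulnerabilities(s):
    """Weaknesses the report states for this host."""
    found = ["public address", "unpatched OS", "shared admin password"]
    if s.cleartext_admin:
        found.append("cleartext telnet/ftp access")
    if s.over_five_years:
        found.append("hardware over five years old")
    return found

def likelihood(s):
    """ASSUMPTION: baseline 3 for the shared weaknesses, +1 per extra one."""
    return min(3 + (len(vulnerabilities(s)) - 3), 5)

def risk_register(servers=SERVERS):
    """Rows of (role, likelihood, impact, score), highest score first."""
    rows = [(s.role, likelihood(s), IMPACT[s.role],
             likelihood(s) * IMPACT[s.role]) for s in servers]
    return sorted(rows, key=lambda r: (-r[3], r[0]))

if __name__ == "__main__":
    for role, l, i, score in risk_register():
        print(f"{score:>2}  L={l} I={i}  {role}")
```

Replacing the assumed weights with figures agreed with management changes the ranking but not the method.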
According to the discussion about the organization, the following can be identified as the key threats in the operations of the organization:
Based on the critical analysis of the entire organization, the following approaches have been selected as the processes by which the security risks are to be mitigated. It is therefore suggested that the following processes are put in place within the system to make sure that no risks remain pending and to address the vulnerability of the organization's information technology system:
The impending risks that are already affecting the entire system of the organization may have further impact. Since the organization is a small-scale software company, they can greatly affect its financial systems and other resources, making the business fail in the near future. This is why further analysis of upcoming risks is required before the risk management program is declared, so that the company is ready to mitigate the upcoming threats and vulnerabilities that it might constantly face. It is also important that the risk assessment is carried out continually, so that the organization always steers clear of any kind of threat from external sources.
Conclusion
In conclusion, the business of this small-scale software organization has various impending risks that should be minimized or assessed through the risk management analysis process so that they do not make the organization more vulnerable to external as well as internal threats. Right now the company is in a vulnerable position where the operational process can fail because of the various problems that have already been detected within the system. A proper methodology is followed to find the vulnerabilities and risks within the system, along with the goals and key terms used in the risk management and assessment of IT risks in business terms. In addition, the identification and discussion of the three threats has been explained in this report, with a critical analysis of the various approaches for mitigating the security risks. The processes by which risk is introduced within the organization are explained in the report, along with a critical analysis of the impact of these risk mitigation processes on the business operation. Finally, there is a rationale for identifying any gaps for further analysis, which describes why the risk mitigation and assessment process needs to continue within the operations of the business to make sure that it is not vulnerable to any kind of external threat in the future.