In the 21st century, the aspect of risk management is gaining popularity because of the increasing amounts of threats. Different malicious applications are posing a huge threat to IT systems as hackers and an unauthorized third party can gain access to confidential information. Risks in Information technology are a serious threat as it can cause uncertainty in an organization. In the organization of London Fire Brigade, risk management of IT is of utmost importance in order to protect sensitive information. Therefore through the aid of risk management, its strategic importance can be thoroughly understood.
According to the ISO3100, there are 11 principles of risk management which should be implemented in every organization in order to overcome any possible threats (iso.org, 2018). These principles are listed as follows:
According to the 11 principles of risk management, the various aspects which can be integrated into the IT infrastructure of the London Fire Brigade have been thoroughly accessed. Emerging threats such as virus and malware are making it risky for the storage of information in IT systems. The security breach is the biggest issue which is rising in the 21st century. Therefore, it is essential to formulate proper strategies through the process of IT risk management. A thorough assessment of the 11 principles also gave a clear view of the advantages of risk management. Therefore, the organization of the London Fire Brigade should implement necessary IT risk management strategies in order to identify potential threats. This process, in turn, would help in understanding the level of risks faced in a certain region and therefore, appropriate mitigation can be taken according to the IT risk management plan.
Process involved in creating risk management system for IT
Risk management is an essential part, especially in IT systems through which 80 to 90 per cent risks can reduce. The London Fire Bridge is a big organization; therefore, it is essential to implement a proper IT risk management system in order to protect sensitive data and information. Therefore, the London Fire Bridge is needed to follow the six steps of a process according to PMBOK guidelines in order to create an effective system. These steps are listed as follows:
Step 1: Identification of Risks
The first step in order to create a proper risk management plan for the IT infrastructure of the London Fire Brigade, it is essential to identify the potential threats. According to Bromiley et al. (2015), this aspect can be achieved through the help of through observation and collection of internal reports of the organization. It is necessary to implement a security team who would assess these reports collected from within the organization. Prior project reports on IT along with upcoming ones can be monitored through this process. Through this step, the possible process of external risks such as security breach by hackers can also be identified.
Step 2: Methods for risk analysis
The second step in creating an effective management plan is to analyze the possible methods through which risk can be identified. For understanding possible threats in IT, qualitative as well as quantitative methods can be applied by London Fire Brigade. The aspect of qualitative analysis can be done with the aid of a matrix chart (isaca.org, 2018). This can be measured by plotting the risk in a horizontal bar while starting its probability and impact in the vertical bar. In the process of quantitative analysis, the London Fire Brigade can use the concept of decision making a tree in order to access which risks consider more threat to the ones with less threat.
Step 3: Identification of risk triggers
Triggers can be defined as warning signs through which possible threats can be prevented. As forwarded by McNeil, Frey and Embrechts (2015), triggers give the opportunity to identify the potential threats so that they can be mitigated before it causes harm. In the organization of the London Fire Brigade, risk triggers such as warning protocols in IT system can help in early warning so that all information regarding stakeholders and risks strategies can be kept confidential.
Step 4: Ideas for risk resolution
Identification of risks and risk triggers gives a clear idea of the steps which should be taken in order to mitigate the risks. The IT systems of London Fire Brigade can mostly be affected by security breaches; therefore, various IT security measures such as antivirus are needed to be added. There are various antiviruses available in the market among which the most effective one is needed to be implemented upon the need of the organization. Coid et al. (2016), the process of encryption of data is another idea which can also be taken into consideration.
Step 5: Action Plan for risk resolution
After the fourth step, the appropriate decision can be taken regarding the mitigation method that is needed to be implemented in the organization of the London Fire Brigade. This step also takes the aspect of cost into consideration. A thorough assessment of the organization would help in determining the direction which should be taken for the action plan to be mitigated (Yin et al. 017). The IT security team is the key responsible department through which this action plan could be implemented to secure the IT systems of the organization.
Step 6: Responsibility and Accountability
The last process of creating a risk management system for the IT infrastructure of the London Fire Brigade is assigning specific tasks to the responsible person in the organization. A scheduled structure is needed to be followed through which regular checks in the IT system can be done (Kirat, Vigna and Kruegel, 2014). Other than this, according to the identified impact of the risk and probability, mitigation measures can be implemented by the IT security team to keep its information secure.
These six steps are the most important and needed to be followed in order to create a proper risk management system. The organization of London Fore Brigade would essentially benefit from the application of these six principles through which IT risks such as security breaches can be analyzed for proper mitigation process.
The 21st century is a world full of innovation and new challenges. Information technology is one such aspect which has been impacted the most.
Figure 1: Risk management in IT
(Source: gov.uk, 2018)
In accordance with the increase in cybersecurity issues, there have been some key trends which have been observed (Kappelman et al. 2014). These trends have been listed as follows:
Special focus on cyber attacks
Almost every organization of this generation is dependent on information technology. Numerous organizations proceed with business with their stakeholder through the aid of creative networks. According to Aven (2016), implementation of security strategy is gaining fast popularity in order to protect data from unauthorized access. The same can be stated for the organization of the London Fire Brigade. It uses information technology to access location, storage of important information as well as different strategies on firefighting. As manual data processing takes a lot of time, this organization prefers to use the system of information technology. Therefore, the main focus of the organization right now would be to increase security measurements in its IT infrastructure.
Cloud computing
Cloud computing might be the most popular among the key trends in the 21st century. It is a system of a storage device which has the capacity to handle data a thousand times more than a regular system (Rao and Selvamani, 2015). Through the aid of this data can be retrieved from this system by using web-based tools. It is an essential mitigation strategy where information can be stored in an external system with direct access to the computer database. However, according to Yin and Kaynak (2015), there are still a lot of steps to be taken in order for cloud computing to be hundred per cent effective. This is because external breach can occur if there is no tight online security. Therefore, the organization of the London Fire Brigade can utilize this aspect for storage of data and information but strict security measurements are needed to be taken to assure its safety.
Changes in regulation
The increased amount of cyber attacks have caused the changes I enforcement in rules and regulations regarding online security. According to the recent Data Protection Act 2018, it is essential to implement a strict online sensor in order to detect any potential threat (gov.uk, 2018). This Act essentially compliments Europe’s General Data Protection Regulation or GDPR through which highlights the importance of data protection for stakeholders of an organization. This act outlines that the responsibility of an organization to protect data and information including its own and its stakeholder’s. Therefore, it is absolutely necessary for the organization of the London Fire Brigade to integrate their policies and security measures according to this Act.
Implementation of machine learning
The aspect of machine learning is essentially an application of Artificial Intelligence which would provide the automatic ability for a system to keep itself updated. It is one of the latest buzzwords in the security world. As per the view of Kappelman et al. (2016), machine learning focuses on the development of computer programs. Therefore, it can be stated that the implementation of machine learning will bring in significant changes in the level of online security. Machine learning would not only help in detecting advanced cyber threat but also will provide adequate protection for data security. Moreover, this system would automatically be updated with the latest and most effective online security software, thus, providing it with additional security. Although machine learning is still in the process of development, its importance can thoroughly be understood. Therefore, the London Fire Brigade should implement this aspect when it is launched in the market. Through this, all data and information can be secured preserved without any risk.
Concentration on digital power
Security concerns are the main issue when it comes to anything digital. Therefore, alternative methods known as blockchain as well as edge computing are gaining more popularity. These aspects help in moving away from computing resources from the main centralized servers (Lam, 2014). This aspect not only elevates security but also provides adequate privacy to its stakeholders. The organization of the London Fire Brigade should implement such aspects so that its data can be stored in a decentralized manner to secure it from the unauthorized breach.
The above-stated list is the few key trends in the world of IT security. Some of these trends are already in use while some are being readied for future use. It is important to access such factors in order to stay updated about the latest online security measurements. Thus, these key trends helped in identifying the steps which should be taken for proper security by the organization of the London Fire Brigade
References
Aven, T., 2016. Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), pp.1-13.
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E., 2015. Enterprise risk management: Review, critique, and research directions. Long range planning, 48(4), pp.265-276.
business.qld.gov.au, 2017, Information technology (IT) risk management, Available at: https://www.business.qld.gov.au/running-business/protecting-business/risk-management/it-risk-management [Accessed on: 10-09-2018]
Coid, J.W., Ullrich, S., Kallis, C., Freestone, M., Gonzalez, R., Bui, L., Igoumenou, A., Constantinou, A., Fenton, N., Marsh, W. and Yang, M., 2016. Conclusions and future directions for risk management tools using Bayesian networks, OS, 2(1), pp.1-16.
gov.uk, 2018, Data Protection Act 2018, Available at: https://www.gov.uk/government/collections/data-protection-act-2018 [Accesssed on: 10-09-2018]
isaca.org, 2018, Risk IT Framework for Management of IT Related Business Risks , Available at: https://www.isaca.org/knowledge-center/risk-it-it-risk-management/pages/default.aspx [Accessed on: 10-09-2018]
iso.org, 2018, ISO 31000:2009 Risk management- Principles and guidelines, Available at: https://www.iso.org/standard/43170.html [Accessed on: 10-09-2018]
Kappelman, L., McLean, E., Johnson, V. and Gerhart, N., 2014. The 2014 SIM IT key issues and trends study. MIS Quarterly Executive, 13(4), pp.237-263.
Kappelman, L., McLean, E., Johnson, V. and Torres, R., 2016. The 2015 SIM IT Issues and Trends Study. MIS Quarterly Executive, 15(1), pp.12-17.
Kirat, D., Vigna, G. and Kruegel, C., 2014. BareCloud: Bare-metal Analysis-based Evasive Malware Detection. In USENIX Security Symposium, 3(2), pp.287-301.
Lam, J., 2014. Enterprise risk management: from incentives to controls. New Jersey: John Wiley & Sons.
london-fire.gov.uk, 2018, About Us, Available at: https://www.london-fire.gov.uk/about-us/ [Accessed on: 10-09-2018]
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative Risk Management: Concepts, Techniques and Tools-revised edition. New Jersey: Princeton university press.
moderngov.london-fire.gov.uk, 2018, Risk Management Strategy 2018-2021 [online], Available at: https://moderngov.london-fire.gov.uk/mgconvert2pdf.aspx?id=6739 [Accessed on: 10-09-2018]
Okoli, J., Watt, J., Weller, G. and Wong, W.B., 2016. The role of expertise in dynamic risk assessment: A reflection of the problem-solving strategies used by experienced fireground commanders. Risk Management, 18(1), pp.4-25.
Pena, A., Bonet, I., Lochmuller, C., Chiclana, F. and Góngora, M., 2018. Flexible inverse adaptive fuzzy inference model to identify the evolution of operational value at risk for improving operational risk management. Applied Soft Computing, 65(3), pp.614-631.
Rao, R.V. and Selvamani, K., 2015. Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48(1), pp.204-209.
Sadgrove, K., 2016. The complete guide to business risk management. Abingdon: Routledge.
Talet, A.N., Mat-Zin, R. and Houari, M., 2014. Risk management and information technology projects. International Journal of Digital Information and Wireless Communications (IJDIWC), 4(1), pp.1-9.
Yin, H.L., Wang, W.L., Tang, Y.L., Zhao, Q., Liu, H., Sun, X.X., Zhang, W.J., Li, H., Puthoor, I.V., You, L.X. and Andersson, E., 2017. Experimental measurement-device-independent quantum digital signatures over a metropolitan network. Physical Review A, 95(4), pp.38-42.
Yin, S. and Kaynak, O., 2015. Big data for modern industry: challenges and trends [point of view]. Proceedings of the IEEE, 103(2), pp.143-146
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download