
Wednesday, December 19, 2018

Applying Risk Management Essay

Risk management is an important element in managing information systems. Applying risk management principles to business procedures is essential because it helps design and maintain a safe systems environment to ensure the confidentiality, integrity, and availability of company data. Kudler Fine Foods has expressed an interest in developing an Enterprise Resource Planning (ERP) system. The main purpose is to improve business administration by integrating stores and business systems. Kudler Fine Foods has three stores in California, and integrating business functions across all stores would be extremely beneficial. This paper will outline the major factors and benefits of applying risk management principles to ensure a secure and effective system.

Risk Management Principles

According to Whitman and Mattord (2010), risk management is a collaborative effort involving information security, information technology, management, and users. It is important to involve all of these areas to devise a comprehensive and effective risk management strategy. The major principles include identifying risks, quantifying risks, planning for risks, and monitoring and managing risks. The first stage is risk identification. This is when the organization's managers identify all of its assets and classify them into meaningful categories, in addition to prioritizing them by importance. Assets include various components such as people, processes, data, and all elements of information technology. Gathering information on assets such as people, processes, and data could be challenging because they are not always documented and readily available.

The information gathered for people may include position titles, the title of his or her supervisor, security levels, and skills. Information collected for processes may include procedure description, purpose, IT connections, and document storage location for source and updates.
After listing out the assets, the next step is to classify them into categories such as people, data, software, and hardware, and then classify each asset into sub-categories such as confidential, internal, and public. Applying value or impact to each asset is next, by determining its criticality to the business. Questions that may help in assigning a value include: “Which assets generate the highest profitability?” or “Which asset would shut down business functions if it were compromised?” Quantifying risks provides the framework for executives to make informed decisions in relation to cost and resources surrounding security. All of the steps outlined above are essential in the risk identification stage (Whitman and Mattord, 2010).

After completing the risk identification process, where all assets are determined and classified, the next phase is to determine the potential threat source and potential vulnerability. Some common threat sources include natural threats, human threats, and environmental threats. According to the National Institute of Standards and Technology (2002), a threat is an exploitation of a vulnerability caused by a threat source. The NIST publication suggests the following: identifying a threat source, indicating the motivation of the source, and outlining the threat actions. This practice will help determine the likelihood of a threat taking advantage of a system vulnerability. Next in the process is identifying vulnerabilities. A vulnerability is a weakness or flaw in procedures or controls applied to a system. Identifying potential vulnerabilities will help an organization determine which controls to put in place to mitigate risks associated with vulnerabilities.

Risk mitigation involves a systematic approach to reducing the exposure to a risk and the likelihood of it occurring. Mitigating defined risks is the gateway for the development of processes and controls to reduce the likelihood of a threat.
Having prevention mechanisms that include policies and controls is best practice in regard to securing assets; therefore, it is critical that Kudler Fine Foods determines the best risk management process that fits its business requirements and needs. Because technology is constantly growing and changing, preventative measures must include flexibility to allow for change and growth. Without these considerations, a business could jeopardize itself by restricting the ability to expand or even update the systems with necessary security patches. Preventative measures should include future growth. As technology grows, risks increase. Protection mechanisms will change as new threats are introduced to business, as well as new legislation.

Many security standards are based on data protection regulations, and as laws change or new laws are introduced, information technology is the most costly element in ensuring compliance. There could be costly ramifications with poor planning. Risk avoidance can be costly and inconvenient, but it would be more costly and inconvenient when a security issue occurs. A risk analysis would be the first step to take when determining whether to take a certain risk or not. Determining what the assets are and understanding the impact on the business if a security incident occurs is important.

It is also important for businesses to understand regulations and what is necessary to comply with certain laws and requirements. Kudler Fine Foods must conduct risk analysis and ask themselves “What is the risk of not applying preventative measures?” and “What would it cost to recover from a certain attack?” Serious ramifications could result if a security breach occurs.
This could include steep financial penalties as well as jeopardizing company reputation.

The table below outlines examples of risk, vulnerability, and mitigation strategy.

| Risk | Vulnerability | Mitigation Strategy |
| Hardware failure | Hardware could fail and impede business. Systems could be unavailable for an undetermined amount of time. | Create security policy to ensure all hardware is kept up to date with current patches and upgrades. |
| User training | Inadequate training of end-users leads to improper use of application, which could compromise data or systems. | Create detailed training documentation and implement a user training program. Ensure all users participate in training. |
| Network attacks | Potential malware and Denial of Service attacks. Could lead to exposure of sensitive information. | Implement policy to ensure adequate firewall protection and anti-malware software, and install Intrusion Detection System. |

Conclusion

It is important for businesses such as Kudler Fine Foods to employ a risk management strategy to protect their assets and reputation. Without an effective risk management process, the company will be vulnerable to various threats. It is Kudler Fine Foods' responsibility to determine what mechanisms should be applied and how it will maintain a secure environment for its own business objectives as well as meet required regulations. The risk management process is the primary method in facilitating security objectives.

References

Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston, MA: Course Technology/Cengage Learning.

National Institute of Standards and Technology. (2002). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pd
