Information Security Risk Management - Case Study Example

1. Introduction
Information security is the protection of information for business continuity, as it is fundamental for maximizing business opportunities and return on investment. Information security and risk management has become a critical business discipline alongside sales, marketing, financial management and human resources.
2. Literature
Risk management and its role in the organization
Risk has been described as a main cause of uncertainty in business organizations. Therefore, companies focus on identifying risks and managing them before they affect business decisions. Organizations that have control over risk management can approach future decisions confidently. Organizations face internal as well as external factors, which create uncertainty in achieving their objectives. Hall (2010) described risk management as a hybrid function that bridges a number of disciplines to reduce or avoid loss for organizations. Proactive activities are undertaken to mitigate or prevent loss in organizations.
Risk management techniques to identify and prioritize risk factors
Tavakkoli-Moghaddam et al. (2011) used the compromise ranking (VIKOR) and fuzzy entropy techniques in engineering, procurement and construction projects. Separate techniques are used for risk identification and risk prioritization. Qualitative assessment helps management to prioritize the identified risks by calculating their impacts. Apart from these techniques, the Monte Carlo method is most significantly used for risk identification. This method is based on probabilities and their impacts. The Monte Carlo method shows the correlation between the identified variables for a project.
Assessment based on the likelihood of adverse events and its effects
Identifying vulnerabilities and threats through risk assessment helps in determining the impact of each risk. However, risk assessment becomes a complex undertaking when imperfect information is provided. The value assigned to information system business processes, including the costs, recovery and their impacts, can be measured in indirect and direct costs.
Exposure of sensitive information about a specific business area of the organization has wide consequences and affects the reputation or regard of the organization. An attacker can falsify information that is important for future decisions. Both qualitative and quantitative risk assessment techniques can be used (Carroll, 2009).
The results of the risk identification process
Risk identification requires risk treatment. Risk treatment is a range of options used for risk evaluation and for preparing a risk treatment plan. Planning the risk treatment also requires implementing the plans. When an organization has identified an information security risk, the impacts of that risk need to be mitigated. However, risk treatment options must be proportionate to the importance of the risks and the cost of treatment. A risk treatment plan includes risk acceptance, risk avoidance, risk reduction, risk transfer and risk financing. Finally, once the risk treatment plan has been implemented, continuous monitoring and review become an essential part of information security management (Carroll, 2009).
3. Conclusion
In this paper, different aspects of information and risk management have been addressed. Organizations mostly focus on information security to keep control over the confidentiality that supports future business decisions. In addition to the compromise ranking (VIKOR) and fuzzy entropy techniques, the Monte Carlo method has been preferred for risk identification and risk prioritization. Risk assessment and the outcome of the risk identification process are also discussed.
Carroll R. (2009). Risk management handbook for health care organizations, Jossey-Bass.
Hall S. (2010). The role of risk management in healthcare organizations, Available from Accessed on 08/05/2014.
Tavakkoli-Moghaddam R., Mousavi M.S., and Hashemi H. (2011). A fuzzy comprehensive approach for risk identification and prioritization simultaneously in EPC projects, Available from Accessed on 08/05/2014.