Dr. Glenn Hines
Risk management is one of the major components of a successful company; if it is neglected, a single threat can exploit the company's infrastructure. Risk is the possibility that a loss will occur, which happens when a threat is exposed to a vulnerability. Therefore, managing risk is an important factor for every company. This paper ...
Thus, if there are no vulnerabilities, there is no risk or very little risk, even though threats may always exist. Similarly, if there is no threat but there are some vulnerabilities, there is very little risk or no risk.
Recognizing vulnerabilities and precisely evaluating threats is critical to understanding the risk to assets, which can be people, information or property. Risks can result in damage that adversely affects the organization, and therefore an organization must try to limit its exposure to risks.
Explain the relationship between risk and loss.
As discussed in the previous part on the definition of risk, we can determine the relationship between risk and loss. When a business has risks, they will result in losses that adversely affect the business. Therefore, every business tries to minimize its exposure to risks, which will reduce its losses.
There are four major risk-related concerns for businesses discussed in (Gibson, 2014):
a. Compromising business functions
These are the activities or tasks that a business performs in order to sell its products and make a profit. If any of these functions is adversely affected, the sales margin will not be much, leading to a loss for the business. Therefore, a compromise of these activities can result in loss of revenue.
b. Compromising business assets
A business asset is anything that has value to a company, and losing its value can lead to risk. These assets have both tangible and intangible value. Tangible value means that the asset has an actual cost; if the asset stops working, the task it was assigned to no longer functions properly, which damages the client's confidence level, and that is its intangible value.
c. Driver of Business costs
Risk is described as a driver of business costs because, when a risk is identified, steps are taken to reduce or prevent it, and these steps have a specific cost depending on the risk. This cost is added to the total business costs, so if more money is spent on reducing risk, the profit decreases.
d. Profitability vs. survivability
Profitability is the ability of the company to make a profit, and survivability is the ability of the company to survive the loss caused by a risk, for example a fire, which can be disastrous and result in business failure. Thus, in profitability a loss can ruin the business, but in survivability a loss can cause a company to never make a profit again.
Describe risk management and assess its level of importance in information security.
Risk management is the process of identifying, assessing, controlling and mitigating risks. As discussed above, threats and vulnerabilities are the key drivers of risk, and identifying those that are applicable to the organization is an important step.
One should keep in mind that risk management is not intended to eliminate risk; it is an effort to identify the risks...