Application of Risk Management

Submitted By jsim911
Words 505
Pages 3
As IT managers of YieldMore Company, it is our responsibility to analyze all of the risks and the threat/vulnerability pairs, and to decide which risk management techniques will reduce the chances of vulnerabilities being exploited. We want to ensure that the risk management techniques we choose bring the greatest amount of security to the seven domains.
The user domain has risks related to employees' lack of training in general security knowledge. Visiting risky websites, opening infected emails, or carelessly bringing in infected files on a USB drive can result in a nightmare of security issues. To counteract this sort of risk, we will use mitigation, placing restrictions on employees such as blocking USB access on their computers, routing email through a filtering process, and blacklisting certain risky websites.
The user domain has a close relationship with the workstation domain. For example, keeping workstations up to date with the most recent patches and configuring firewalls to increase security are important risk management techniques. In addition, users have limited privileges when it comes to installing software. Only administrators can install software.
The LAN domain is the area inside the firewall. Each individual device must be protected. Data transferred within the LAN isn't protected as thoroughly as data sent outside the LAN, which leaves it vulnerable to packet sniffing. Another vulnerability that needs to be mitigated in the LAN domain is unauthorized WLAN access by rogue users.
A high level of security is required to keep the LAN-to-WAN Domain safe. The public side of the boundary is often connected to the Internet and has public IP addresses. These IP addresses are accessible from anywhere in the world, and attackers are constantly…...
