Premium Essay

Risk Assessment Paper

In: Computers and Technology

Submitted By gsevelin
Words 1263
Pages 6
Risk Assessment Paper
CMGT 579
September 26, 2011
Kyrstal Hall

Every organization is faced with some risk or potential threat that could cause an interruption to the organization’s operations. These risks and threats can come from within or outside of the organization. To prepare for the worst that could happen, organizations must focus their attention on how to assess different types of risks to protect the organization from the possible negative effects to the daily operations. Performing a risk assessment is one of the most important steps in the risk management process (eHow, 2011).
A Risk Assessment is periodic assessment of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. A risk assessment should include a consideration of the major factors in risk management: the value of the system or application, threats, vulnerabilities, and the effectiveness of current or proposed safeguards.
Many organizations perform risk assessments to measure the amount of risks that could affect their organization, and identify ways to minimize these risks before a major disaster occurs. Department of Defense Information Systems Agency (DISA) follows guidelines and policies governed by processes by which the organization assesses and manages exposure to risks. In this paper the subject to identify is the risks and potential effects associated with the areas of the organization pertaining to security, auditing, and disaster recovery.
Security is divided in three major areas: Physical security includes access to the building, offices, and the rooms housing the organization’s servers and other critical computing devices. External threats to the organization’s computing network such as

Similar Documents

Premium Essay

Gai Risk Assessment Paper

...Global Asset, Inc. (GAI) Risk Assessment Paper By _____________ May 3, 2015 CMIT 425 Professor Effective Network System In this paper I will show the management team of GLOBAL ASSET, INC. the importance/benefits of having an internally operational Information System, over the benefits they believe they will reap when they outsource such services. I will also convince and help them design a better and more secure Information System. Among the odds of outsourcing IT services there are benefits too, but the cons outdo the pros: benefits include; * Reduced operational and recruitment cost: as the cost of having an internal IT firm outdo the cost of outsourcing the same services by over 30% * Risk sharing: This helps to share some of the responsibilities with the company you are outsourcing to. * Swiftness and Expertise: Mostly the firms that take the outsourced contracts have been in the industry for a long time and have built a strong and positive company profile through the quality of service they provide. * Concentrating on main process rather than the supporting ones: Outsourcing the minor/supporting processes enables the organization to have more time to perfect or strengthen their main business operations However the disadvantages outweigh the benefits and include: * Risk of Exposing confidential data: When such an organizations outsources IT services it risks exposing its customers and companies information to third parties, as in the case...

Words: 3626 - Pages: 15

Premium Essay

Rik Management Audit

...Risk-Based IT Audit Risk-Based Audit Methodology Apply to Organization’s IT Risk Management Kun Tao (Quincy) Cal Poly Pomona Author Note This paper was prepared for GBA 577 Advanced IS Auditing, taught by Professor Manson. March 2014 Page 1 of 26 Risk-Based IT Audit Table of Contents Abstract .......................................................................................................................................... 3 Introduction .................................................................................................................................... 4 Methodology................................................................................................................................... 6 Risk-based auditing methodology: Risk assessment...................................................................... 6 IT Risk Management................................................................................................................... 7 IT Risk Control Framework........................................................................................................ 8 Identifying assets...................................................................................................................... 13 Determining criticality and confidentiality levels......................................................................14 Threat and vulnerability identification................................................................

Words: 6057 - Pages: 25

Free Essay

Unit 3

...Severity | Controls | Drawing (Arts and craft) | Sharp pencilsPaper cuts | 22 | 44 | Make sure pencils are not too sharp.Cello tape paper down to tables | Dinner time | Chocking on foodSharp utensils | 31 | 35 | Make sure food is cut up small enough for child not to choke on itDon’t leave utensils out or misplace sharp ones | Reading to children | Fall asleep and suffocateTry eating books | 11 | 35 | Make sure child doesn’t fall asleep sitting upDo not let children read books unsupervised | Taking children to toilets | Not cleaning child properlySlip on water | 32 | 34 | Making sure the child has been cleaned properly to prevent cross contaminationMake sure children are supervised | Playtime | Eat sand Weather | 23 | 43 | Make sure child is supervised at all timesMake sure child is correctly dressed at all times | P3: Carry out a risk assessment in a health or social care setting. M2: Assess the hazards identified in the health and social care setting. D1: Make recommendations in relation to the identified hazards to minimise the risks to the service user group. In this assignment I will be talking about the risk assessment that I carried out in a nursery. I will be talking about the risks that could take place and how likely it would be of the risk to take place, also I will be talking about the severity of the risk. A risk assessment is simply a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken...

Words: 2863 - Pages: 12

Premium Essay

Risk Managment

...RISK PM595 Initial information used in phase 1 of the assessment process is based on project documents and the request for tender itself. Information for Phase 2 is derived from individual tenderer’s response. In phase 1, an appropriate system or element structure for examining the tender is developed and semi-quantitative approach is used to assess the likelihood of risks arising in each element and their consequences and then derive a baseline priority for each element and the project. In phase 2, the evaluation is modified according to the detailed approach each tenderer intends to adopt, and that tenderer’s capabilities. According to the text book some of the objectives of the risk assessment in tender evaluation are to provide an initial indication of where the major risks might arise in the project, prior to receipt or detailed examination of tender responses, based on a set of credible assumptions about how the project might be conducted. It also develops a risk baseline against which individual tender responses can be compared. It assist the project team to focus on potential risk areas, it provides a risk profile for each tender offer submitted and provides a documented audit trail. In Phase 1 a baseline is established against which tenders can be assessed before bids are received. In Phase 2 each submitted tender offer is compared with the baseline to develop a comparative risk assessment for each one. In phase 1 the structured and documented risk assessments...

Words: 844 - Pages: 4

Premium Essay

Security Risk Management

...Security Risk Management Plan Sydney Head Office 175 Sydney Rd Sydney NSW 2000 DOCUMENT VERSION CONTROL Document Name: | Amalgamation of GSC | Version Number: | 0.1 | Date: | 18 July 2016 | Reviewed By: | | Authorised By: | | CHANGE HISTORY Version | Issue Date | Author | Reason for Change | 0.1 | 20.05 | ABCELLO | Original Document | | | | | | | | | | | | | | | | | | | | | | | | | DISTRIBUTION LIST Copy No | Name | Location | 1. | Master | Project Office | 2. | <Project Manager> | | 3. | <Project Sponsor> | | 4. | <Executive Sponsor> | | 5. | | | | | | | | | | | | | | | CONTENTS INTRODUCTION | 4 | | | SCOPE OF WORKS | 4 | DISCLAIMER AND LIMITATIONS | 4 | | | METHODOLOGY | 4 | | | STRATEGIC CONTENT | 4 | STAKEHOLDER LIST | 5 | RISK MANAGEMENT CONTEXT | 5 | THE RISK MANAGEMENT PROCESS | 6 | | | ANALYSIS OF SECURITY RISK | 7 | TREATMENT OPTIONS | 7 | | | SOURCES OF EVENT RISK | 8 | | | RISK IMPLEMENTATION/RISK IDENTIFICATION | 9 | | | RISK ASSESSMENT SUMMARY | 9 | RISK 1 - Operational | 10 | RISK 2 - Strategic | 10 | RISK 3 - Human / Animal Resources | 11 | RISK 4 - Systems | 11 | RISK 5 - Financial | 12 | RISK 6 - Legal | 12 | | | RISK ASSESSMENT TABLES & CONSEQUENCE | 13 -18 | STAKEHOLDERS SIGN OFF | 19 | BIBLIOGRAPHY | 20 | | | INTRODUCTION ...

Words: 3116 - Pages: 13

Premium Essay

Risk Paper

...Risk Paper #2 Case Study – Tender Evaluation Marjorie Spitz Keller Graduate School of Management PROJ 595- Project Risk Management Instructor: Professor Bill Lewis Week 7 Date: April 20, 2013 Introduction In a tender evaluation process, it is vital to identify, assess and quantify risks that might be associated with the tender. According to Cooper, Grey, Raymond and Walker (2005), risk management is vital in the tender evaluation process, because risks associated with specific tender responses are identified at an early stage, so they can be addressed explicitly in the tender evaluation. The high-risk areas on which the greatest attention and effort should be focused in the evaluation of tender responses are identified. (Managing Risk in Large Projects and Complex Procurements.Ch.13, pg 148). The goal of this paper is to compare and contrast the two phases of the case study Tender Evaluation. “Phase 1 is concerned with establishing a baseline against which tenders can be assessed, prior to bids being received. Phase 2 compares each submitted tender offer with the baseline, to develop a comparative risk assessment for each one.”(Cooper, Grey, Raymond and Walker, 2005). Both phases are important in order to understand the risks during the tender evaluation process. ...

Words: 1127 - Pages: 5

Premium Essay

Proj545: Risk Paper #1

...Proj545 Professor: James Jameson May 21, 2015 PROJ545: Risk Paper #1 Risk Paper   Introduction A few years ago I received some advice from my brother who at the time was a rather successful real-estate agent and previous real estate appraiser. He had built some wealth not only buy and selling houses for clients but also managed to purchase a few properties as personal investments. The advice I received was I should look at investing in real-estate. “You can look to me for guidance, I will not only make sure the property you choose makes sense on paper but I can also guide you through the renovation/remodeling process.” My family was no stranger to real-estate investment. My parents had for a long time been landlords and had purchased a few properties, renovated them churned a profit at the time of sale. After a few years of receiving continued encouragement from my family to invest, I finally made the decision to make my first big purchase. I was never a fan of taking big risks but as I watched my family succeed in real-estate and did put my mind at ease. I was not naïve of the inherent risks and I did consider obstacles that I could face and or threaten my investment. Identifying Risks After making the decision to attempt my luck at real-estate, I started to gather ideas on what potential risks I would be most affected by. My main sources of risk identification was braining storming and interviews with what were my “mentors” although they were family...

Words: 861 - Pages: 4

Premium Essay

Curbing Fraud Through Risk Assessments

...Curbing Fraud Through Risk Assessments Abstract The purpose of this paper is to discuss the psychology behind why people commit fraud and how a risk assessment can be used to mitigate fraud and risk towards a given organization. The risk assessments portion of the paper will discuss areas such as a process for an effective fraud risk assessment which includes defining a risk scope, risk treatments (acceptance, avoidance, transfer, mitigate, or a combination approach), and most importantly risk monitoring and review through controls. The paper then discusses in detail the importance of proper risk modeling then finished with an analysis on an actual fraudulent activity around the abuses with SNAP benefits. Risk Assessments: Merriam-Webster defines fraud as the “intentional perversion of truth in order to induce another to part with something of value or to surrender a legal right.” Some type of fraud scheme or business exploit is in the news headlines every day. Anything from employees stealing money out of cash register to multibillion dollar pyramid schemes is seeming becoming a common segment on the news right next to this week’s weather forecast. The opportunity for a common person or company to fall victim to fraud is paramount. Often times a business simply doesn’t know where their most susceptible operations reside. This limitation causes billions of dollars of fraud to commence every year, and often times the company won’t know they aren’t being scammed until it’s...

Words: 3549 - Pages: 15

Premium Essay

Pm 584 Qualitative Risk Assessment

...Quantitative Risk Assessment PM/584 October 2015 Deborah Reid Quantitative Risk Assessment The following paper will cover a revision to the Kudler Fine Foods newsletter with coupons for a promotional items project background clarifying the project scope, requirements, schedule, quality and constraints. This paper will also include an updated risk identification framework, qualified and quantified risk matrix, and prioritized risk register. Revised Project Background The basic project is the design of a monthly newsletter with coupons for promotional items using the current customer demographic database. The project timeline is 9 months with a budget of $75,000. The majority of the budget will be spent on securing a design agency, and printing and mailing of the newsletter. Some will be allocated to the maintenance and updating of the current database information. First Month: • As Kudler Fine Foods does not have the talent in house required to design the newsletter an external design agency will have to be utilized. This will require the publication of a Request for Proposals (RFPs) to be forwarded to design agencies. Once the RFP’s have been received a review by management and the project team will be required for the selection process, this should be accomplished within the first month of the project timeline. Second/Third Months • Once the design agency has been selected the...

Words: 1060 - Pages: 5

Premium Essay

It Communications

...CIS 502 Week 10 Technical Paper Global Finance Inc. xxxxxxxxxxxxx June 19, 2013 xxxxxxxxxx Situation Global Finance Inc. has grown rapidly in the past years, and due to this they have gained a huge customer base. The company invested in the network designed it to be fault tolerant and resilient from any other network failures. However, although the company’s financial status has matured and its network has expanded at a rapid pace, its network security has not kept up with company growth (NIST, 2012). GFI’s network is fairly stable as it has not experienced many outages due to network failures. Global Finance Inc. has hired three network engineers to keep up with the network growth and bandwidth demand by the company employees and the clients. However, this company has not hired any security personnel who can take care of the operational security responsibility. The trusted computing base internal network in the Global Finance Inc. hosts the company’s mission critical systems without which the company’s operation and financial situation would suffer. The Oracle database and email systems are among the most intensively used application servers in the company. Global Finance Inc. cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. This company has experienced denial of service attacks (DOS) twice this year and its Oracle database and email servers has been down at...

Words: 1073 - Pages: 5

Premium Essay

Breach Notification Rules

...Breach Notification Rules The intent of this paper is to define breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) in the United States (U.S.) and to discuss their objectives and purpose. To achieve this end, it is necessary to conduct a background analysis of the HIPAA breach notification rules. In addition, an evaluation of these rules will be highlighted. Moreover, the impact of the Final Omnibus Rule (FOR) of 2013 on breach notification rules will be emphasized. Finally, the way head will be underscored. Background In August 1996, President Bill Clinton signed HIPAA, which is the single most significant federal legislation affecting the U.S. health care industry since the creation of the Medicare and Medicaid programs in 1965. The five primary goals of the HIPAA legislation are: 1. To improve portability and continuity of health insurance coverage for individuals and groups. 2. To combat fraud, waste, and abuse in the health care industry. 3. To promote the use of medical savings accounts. 4. To improve access to long-term health care services and coverage. 5. To establish standards for administrative simplification (HIPAA, 1996). The Interim Final Rule for Breach Notification for Unsecured Protected Health Information, issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which enacted as part of the American Recovery and Reinvestment Act (ARRA)...

Words: 1771 - Pages: 8

Premium Essay

Draft Rts on Assessment Methodology for Irb Approach

...DRAFT RTS ON ASSESSMENT METHODOLOGY FOR IRB APPROACH - Consultation Paper - 16 March 2015 Published by EBA Publication date 12 November 2014 Read by Hasan Isik Link CHAPTER 1- General rules for the assessment methodology 32 CHAPTER 2- Assessment methodology of roll out plans and Permanent partial use of Standardised Approach 35 CHAPTER 3- Assessment methodology of the function of validation of internal estimates and of the internal governance and oversight of an institution 38 CHAPTER 4- Assessment methodology of use test and experience test 48 CHAPTER 5- Assessment methodology for assignment of exposures to grades or pools 51 CHAPTER 6- Assessment methodology for definition of default 56 CHAPTER 7- Assessment methodology for rating systems design, operational details and documentation 60 CHAPTER 8- Assessment methodology for risk quantification 71 CHAPTER 9- Assessment methodology for assignment of exposures to exposure classes 90 CHAPTER 10- Assessment methodology for stress test used in assessment of capital adequacy 93 CHAPTER 11- Assessment methodology of own funds requirements calculation 96 CHAPTER 12- Assessment methodology of data maintenance 102 CHAPTER 13- Assessment methodology of internal models for equity exposures 106 CHAPTER 14- Assessment methodology for management of changes to rating systems 111 CHAPTER 15- Final provision 112 1. General Rules * Proportionality Principle: Competent...

Words: 2498 - Pages: 10

Premium Essay

Bus 519 Assignment 3: Risk Workshop and Risk Register ( Eqi in Siwa )

...BUS 519 Assignment 3: Risk Workshop and Risk Register ( EQI in SIWA ) Follow Below Link to Download Tutorial https://homeworklance.com/downloads/bus-519-assignment-3-risk-workshop-risk-register-eqi-siwa/ For More Information Visit Our Website ( https://homeworklance.com/ ) Email us At: Support@homeworklance.com or lancehomework@gmail.com Due Week 6 and worth 240 points Note: The assignments are a series of papers that are based on the same case, which is located in the Student Center of the course shell. The assignments are dependent upon one another. Write an eight to ten (8-10) Risk Workshop and Risk Register Component paper in which you: 1. Identify the required pre-workshop activities. 2. Prepare a risk workshop agenda based on Figure B-8, Sample Agenda for a First Risk Assessment / Two – Day Risk Workshop (Appendix B of the Hillson and Simon text). Include suggested time intervals for each activity and justify why each agenda item is relevant for this case. 3. Determine the top five (5) threats in a risk register following Figure B-11, Sample Simplified Risk Register Format (Appendix B of the Hillson and Simon text). Include information from the case for each threat. 4. Justify the assignment of probability and impacts for each threat identified in criterion number 3 of this assignment. 5. Document the top three (3) opportunities in a risk register following Figure B-11, Sample Simplified Risk Register Format (Appendix B of the Hillson and Simon...

Words: 432 - Pages: 2

Premium Essay

Communication Product

...RESULTS-BASED PUBLIC SECTOR MANAGEMENT A Rapid Assessment Guide PLAN EVALUATE BUDGET RESULTS MONITOR IMPLEMENT i RESULTS-BASED PUBLIC SECTOR MANAGEMENT A Rapid Assessment Guide © 2012 Asian Development Bank All rights reserved. Published in 2012. Printed in the Philippines ISBN 978-92-9092-838-6 (Print), 978-92-9092-839-3 (PDF) Publication Stock No. TIM124978 Cataloging-In-Publication Data Asian Development Bank    Results-based public sector management: A rapid assessment guide. Mandaluyong City, Philippines: Asian Development Bank, 2012. 1. Managing for development results   2. Results-based management    3. Public sector.   I. Asian Development Bank. The views expressed in this publication are those of the authors and do not necessarily reflect the views and policies of the Asian Development Bank (ADB), its Board of Governors, or the governments they represent. ADB does not guarantee the accuracy of the data included in this publication and accepts no responsibility for any consequence of their use. By making any designation of or reference to a particular territory or geographic area, or by using the term “country” in this document, ADB does not intend to make any judgments as to the legal or other status of any territory or area. ADB encourages printing or copying information exclusively for personal and noncommercial use with proper acknowledgment of ADB. Users are restricted from reselling, redistributing, or creating...

Words: 5265 - Pages: 22

Premium Essay

Coso Enterprise Risk Management

...Curtis | Mark Carey The information contained herein is of a general nature and based on authorities that are subject to change. Applicability of the information to specific situations should be determined through consultation with your professional adviser, and this paper should not be considered substitute for the services of such advisors, nor should it be used as a basis for any decision or action that may affect your organization. Authors Deloitte & Touche LLP Principal Contributors Dr. Patchin Curtis Director, Deloitte & Touche LLP Mark Carey Partner, Deloitte & Touche LLP COSO Board Members David L. Landsittel COSO Chair Marie N. Hollein Financial Executives International Douglas F. Prawitt American Accounting Association Chuck E. Landes American Institute of CPAs (AICPA) Richard F. Chambers The Institute of Internal Auditors Sandra Richtermeyer Institute of Management Accountants Preface This project was commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control, and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. COSO is a private-sector initiative jointly sponsored and funded by the following organizations: ...

Words: 5365 - Pages: 22