I.T Risk Assessment. How a Risk Assessment Can Save Your Business.
I.T RISK ASSESSMENT. This is a systematic examination of the I.T environment and a combined effort of identifying and analyzing potential events that may negatively impact I.T assets. It is the process of identifying security risks and assessing the threat they are susceptible to.
The purpose of an IT risk assessment is to ensure all vulnerabilities and shortfalls are identified and addressed properly.
The first step is to identify all the information, processes, and information assets that are crucial or important for the functioning and security of the business. Identifying these critical components will help us decide what we want to protect, and what the consequence of losing them would be.
Step 2: Identify vulnerabilities and threats.
Example of a risk-related event.
Some risks are more severe than others, so at this stage, we need to determine which ones we need to be most concerned about.
In doing this, we should first analyze the existing countermeasures (controls) in place and determine whether they are adequate to mitigate the risk. If gaps exist, we should create an action plan to fix the gaps or to support the existing controls. While we're not expected to eliminate risk, as often this isn't possible, we should take actions that are proportionate or commensurate to the level of risk. This determines the adequacy of the controls in place. Risks that pose a bigger threat should receive more extensive control measures than low-risk hazards.
Record Your Findings. [Figure: sample risk assessment form showing likelihood and risk rating; example entry: theft of cash.]
Work environments are constantly changing: new people come and go, equipment and products are swapped and trialed, and new materials are introduced. And the more a workplace changes and additional IT assets are introduced, the less relevant the risk assessment becomes. To make sure risk assessments are up to date and inclusive of all potential hazards or loss, they need to be reviewed and potentially updated every time there are significant changes in the workplace.
RISK ASSESSMENT TECHNIQUES & TOOLS: There are a number of tools we use to identify and evaluate risk within the environment. Let's look at 5 of these tools: Brainstorming, Delphi Method, Root Cause Analysis, What-If Analysis, Checklist Analysis.
Brainstorming is a situation where a group of people meet to generate new ideas and solutions around a specific domain of interest without restrictions. People are able to think more freely, and they suggest as many spontaneous new ideas as possible. All the ideas are noted down without criticism, and after the brainstorming session the ideas are evaluated. The same technique is used in risk assessment: a group of risk professionals would come together to brainstorm and analyse the risk.
The Delphi method is a process used to arrive at a group opinion or decision by surveying a panel of experts. Experts respond to several rounds of questionnaires, and the responses are aggregated and shared with the group after each round.
When applying the 5 Whys technique, you want to get to the problem's essence and then fix it. Actually, the 5 Whys may show you that the source of the problem is quite unexpected. This is a simple and powerful technique for discovering the root of the problem (the root of the risk).
What-if Analysis consists of structured brainstorming to determine what can go wrong in a given scenario, then judging the likelihood and consequences of things going wrong.
A checklist risk analysis helps to analyze and evaluate vulnerabilities, existing controls and other actions required to mitigate the risk. It may have been created by an individual or be the result of a previous risk analysis.
Other Tools: 1. SWOT Analysis (Strengths, Weaknesses, Opportunities and Threats): Strengths and weaknesses are identified for the project and thus risks are determined. 2. Interviewing: An interview is conducted with project participants, stakeholders, experts, etc. to identify risks. 3. Documentation Reviews: The standard practice to identify risks is reviewing project-related documents such as lessons learned, articles, organizational process assets, etc. 4. Information Gathering Techniques: The given techniques are similar to the techniques used to collect requirements.
Qualitative risk analysis tends to be more subjective. It focuses on identifying risks to measure both the likelihood of a specific risk event occurring during an asset life cycle and the impact it will have should it materialize.
Quantitative risk analysis is a numeric estimate of the overall effect of risk on the project or an asset.
Risk response is the process of controlling identified risks. It is a basic step in any risk management process.
Mitigate. Transfer. Accept. Enhance. Share.
RISK MITIGATION. Risk mitigation involves taking action to reduce an organization's exposure to potential risks and reduce the likelihood that those risks will happen again.
Controls are born out of your risks; it is a best practice for all controls to be traceable to the risk they are mitigating. Our overall goal is to prevent certain risks from materializing. To mitigate them, policies and procedures are developed to help prevent them. The process of strategically creating controls is what "risk mitigation" refers to.
To better understand risk mitigation, let's examine some real-world examples of controls, or processes and procedures that we use in our everyday lives to reduce certain risks from materializing.
MITIGATING FINANCIAL RISK. We need money to survive on a daily basis. We also need it to be prepared for the possibility of a major life event requiring a large sum of money be put forward, and for when old age prevents us from being able to earn money through a job. In order to stay financially secure, we may decide to: maintain a monthly budget and record of our expenditures; keep an emergency fund in a liquid savings account; pay cash for a lot of things to ensure we're not buying anything we cannot afford.
Treating those we love with kindness and respect; consistently calling, sending cards and visiting; cutting out relationships with people who don't treat us well (in order to make more time for those that do).
Drink plenty of water (the recommended amount for our body size); stay away from toxic behaviors like smoking, drinking or eating processed foods; exercise regularly.
Risk Mitigation and Risk Response are plans that are put in place to minimize either the probability that a risk will occur or the impact if it does occur. Together they make up a part of the risk planning process.
WHAT ARE CONTROLS? Controls are safeguards or countermeasures that mitigate risk to a level acceptable to the organization. A control is the measure that modifies risk.
WOW! THE WORLD WOULD BE IN DISARRAY WITHOUT MR. CONTROL.
Summary. We have learnt about risk assessment in information security and how a vulnerability in an environment can be exploited, which can lead to a threat. We also learnt about the various techniques of assessing risk in our environment. We learnt about the processes involved in IT risk assessment. We talked about risk mitigation and real-life examples of mitigating risks.