Risk Management Tools Term Paper

Pages: 4 (1118 words)  ·  Bibliography Sources: 4  ·  File: .docx  ·  Level: Master's  ·  Topic: Education - Computers

Risk Management Tools

The IT environment is probably the most complex and rapidly developing field in modern society, and it presents individuals and organizations with numerous opportunities and challenges. What is often overlooked is that the IT function itself faces numerous risks, such as the possibility that a threat source exploits a vulnerability within a system, or that an IT initiative causes harm to, or places additional strain on, the systems it touches.

In such a context, the management of IT risks is a crucial process that every organization has to carry out. The specialized literature on IT risk is rather scarce, given the relative novelty of the topic and the difficulty of devising a solution for mitigating IT risks. Within a business context, the common recommendation is to develop and implement strategies tailored to the specific issues of the system. Within the IT context, however, the emphasis falls on automating risk management techniques in order to generate both operational and cost efficiencies within IT departments.

At the level of risk management automation, there are several tools that IT departments across the globe can employ. One example is the automation of risk assessment according to the NIST standards (National Institute of Standards and Technology), whose risk assessment methodology (NIST SP 800-30) is implemented through nine successive steps, as follows:

(1) The characterization of the system through questionnaires, document review and automated scanning tools that use the Security Content Automation Protocol (SCAP).

(2) The identification of natural, human and environmental threats. Microsoft products are commonly used at this stage; they classify threat sources as environmental, human error, malicious insiders and malicious outsiders.

(3) The identification of vulnerabilities through scanning, using SCAP and the Automated Risk Management program.


(4) The analysis of the controls already in place and of how well they safeguard the system.

(5) The determination of the likelihood as high, medium or low, based on the threat's motivation and capability and on the effectiveness of the controls over the vulnerability.

(6) The assessment of the impact as high, medium or low, based on the loss of assets, the effect on the organizational mission, reputation and interests, and the possibility of injury or loss of life.

(7) The determination of risk by combining the likelihood and impact ratings in a risk matrix and classifying each risk as low, medium or high.

(8) The formulation of control recommendations through reports which "give a mapping of the featured safeguards which are missing, against the identified risks in order of impact" (ACR 2 Solutions).

(9) The documentation of the results in tables and charts of baseline reports and risk assessment charts.
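To make steps (5) to (9) concrete, the following is an added example, written for this page and not taken from the paper, from NIST or from ACR 2 Solutions' products. It rates likelihood and impact on the three-level scale, combines them on the numeric scale that NIST SP 800-30 (2002) uses (likelihood 1.0/0.5/0.1, impact 100/50/10, risk above 50 high, above 10 medium, otherwise low), lists the missing safeguards in order of risk, and renders the result as a table. The findings are constructed for illustration, and the rule for deriving likelihood from motivation, capability and control effectiveness is an assumed heuristic, since SP 800-30 gives guidance rather than a formula.

```python
from dataclasses import dataclass

LEVELS = ["low", "medium", "high"]
RANK = {name: i for i, name in enumerate(LEVELS)}
# NIST SP 800-30 (2002) scale: likelihood 1.0/0.5/0.1, impact 100/50/10, risk = product.
# Likelihood is stored x10 so that the product stays an exact integer.
LIKELIHOOD_X10 = {"high": 10, "medium": 5, "low": 1}
IMPACT = {"high": 100, "medium": 50, "low": 10}


@dataclass
class Finding:
    """One threat/vulnerability pair collected in steps 1-4 (constructed data)."""
    asset: str
    threat: str
    vulnerability: str
    motivation: str          # step 5 inputs: threat motivation and capability
    capability: str
    control_effective: bool  # step 4 result: a working safeguard is already in place
    mission_impact: str      # step 6 inputs, each rated low/medium/high
    reputation_impact: str
    safety_impact: str       # "high" where injury or loss of life is possible
    missing_safeguard: str   # control to recommend in step 8


def rate_likelihood(motivation: str, capability: str, control_effective: bool) -> str:
    """Step 5. Assumed heuristic: a threat needs both motivation and capability, so
    take the weaker of the two; a working control lowers the rating by one level."""
    rank = min(RANK[motivation], RANK[capability])
    if control_effective:
        rank = max(rank - 1, 0)
    return LEVELS[rank]


def rate_impact(mission: str, reputation: str, safety: str) -> str:
    """Step 6: the overall impact is the worst of the individual impact areas."""
    return LEVELS[max(RANK[mission], RANK[reputation], RANK[safety])]


def risk_score(likelihood: str, impact: str) -> int:
    """Step 7: likelihood x impact on the SP 800-30 scale (1 to 100)."""
    return LIKELIHOOD_X10[likelihood] * IMPACT[impact] // 10


def risk_level(score: int) -> str:
    """Step 7: SP 800-30 risk scale, high above 50, medium above 10 to 50, low 1 to 10."""
    if score > 50:
        return "high"
    if score > 10:
        return "medium"
    return "low"


def assess(findings: list[Finding]) -> list[dict]:
    """Steps 5-7 for every finding, highest risk first."""
    results = []
    for f in findings:
        likelihood = rate_likelihood(f.motivation, f.capability, f.control_effective)
        impact = rate_impact(f.mission_impact, f.reputation_impact, f.safety_impact)
        score = risk_score(likelihood, impact)
        results.append({"asset": f.asset, "threat": f.threat,
                        "vulnerability": f.vulnerability, "likelihood": likelihood,
                        "impact": impact, "score": score, "level": risk_level(score),
                        "missing_safeguard": f.missing_safeguard})
    return sorted(results, key=lambda r: r["score"], reverse=True)


def recommend_controls(results: list[dict]) -> list[str]:
    """Step 8: map the missing safeguards against the risks, in order of risk.
    Low risks are accepted rather than mitigated (assumed policy)."""
    return [f'{r["asset"]}: {r["missing_safeguard"]}'
            for r in results if r["level"] != "low"]


def document(results: list[dict]) -> str:
    """Step 9: render the assessment as a plain-text table."""
    header = f'{"Asset":<20}{"Threat":<20}{"Lik.":<8}{"Impact":<8}{"Score":<7}Risk'
    rows = [f'{r["asset"]:<20}{r["threat"]:<20}{r["likelihood"]:<8}'
            f'{r["impact"]:<8}{r["score"]:<7}{r["level"]}' for r in results]
    return "\n".join([header] + rows)


# Constructed findings for illustration only; they describe no real system.
SAMPLE_FINDINGS = [
    Finding("customer database", "malicious outsider", "unpatched SQL injection in web portal",
            "high", "high", False, "high", "high", "low",
            "apply vendor patch and add input validation"),
    Finding("HR file server", "malicious insider", "shared administrator password",
            "medium", "high", False, "medium", "high", "low",
            "individual admin accounts with MFA"),
    Finding("backup tapes", "human error", "tapes leave site unencrypted",
            "low", "high", True, "low", "medium", "low", "encrypt backup media"),
]

if __name__ == "__main__":
    assessment = assess(SAMPLE_FINDINGS)
    print(document(assessment))
    for line in recommend_controls(assessment):
        print("recommend:", line)
```

Running the script prints the step 9 table with the SQL injection finding rated high (score 100), the shared password medium (score 50) and the backup tapes low (score 5), followed by the two step 8 recommendations; the low-rated finding is accepted and produces no recommendation, which is the point at which a real assessment should record the acceptance decision and its owner.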

All in all, "information security risk management has become so complex that only automation will make it possible to enjoy a reasonable degree of information security. The products from ACR, including scanning, risk assessment and integrated risk management, can help deal with the ever increasing threats to information security. The NIST protocols define "appropriate safeguards" for information security. The ACR automation of the NIST protocols makes the appropriate safeguards usable and affordable" (ACR 2 Solutions).

