Research Paper: Risk Management Risk and Vulnerability

Pages: 4 (1408 words)  ·  Bibliography Sources: 4  ·  Level: Doctorate  ·  Topic: Business - Management  ·  Buy This Paper


[. . .] For example, for the risk analysis team set up for U.S.-VISIT, this information would be helpful in effectively allocating the required measures in place to avert any leakage of classified information. Finally, it is important for an organization to analyze its internal structures and operations with the aim to identify the measures laid out to prevent attackers and preparedness of the personnel and systems to possible attacks (Aven, 2008).

Best risk management practices

Risk management, if carried out properly can help reduce the occurrence of undesirable events. This can be achieved through four distinct steps; prevention measures, preparedness, response and recovery (PPRR). The first two steps involve the steps the organization takes before a crisis happens to endeavor to prevent it from occurring in the first place. The response phase takes into account the actions taken by the organization during any crisis in order to ensure organization's process return to normalcy and finally the recovery process involves the steps taken by the organization to ensure operations return to the previous or even better state (Johansson, 2007). Figure 2 illustrates this process in detail.

Fig.2 Risk management using PPRR

RISK Management


Actions to prevent a risk event


Measures set to prepare for a risk event


Steps taken to deal with occurrence of a risk event


Actions to ensure return to normalcy




Various risks have different levels of impact on an organization and therefore it is proper to analyze the various risk elements identified into categories. Afterwards, the risks need to be prioritized depending on the probability of each risk actually happening and its expected consequences on the organization and the eventual effect it will have on the organizations' operations. The risk managers are then supposed to evaluate these impacts with regard to cost, time and labor requirements (Zisa, 2011). Figure 3 puts this into perspective.

Fig. 3 Risk probability table

High Impact

Low Probability


High Impact

High Probability


Low Impact

Low Probability


Low Impact

High Probability


Probability of risk

Based on the probability table, the threats identified by the NOKAS team of experts can be graded. The table below shows how the threats identified was graded by the team of experts.

Risk event identified by U.S.-VISIT analysis


Unintentional threats (posed by insider)

Intentional threats (posed by insider)

Intentional and unintentional threats from authorized outsider

Intentional threats from unauthorized outsider





Ways to mitigate identified risks

The department of U.S.-VISIT has identified some mechanisms and measures that are focused on mitigating the risks identified. These measures include establishment of boundary controls and use of authorization and authentication procedures such as username and passwords. Encryption of data has also help to safeguard against interception of communication. It is also very important to train personnel on the correct use of information to prevent privacy glitches. Outsiders may be required to be vetted to ascertain their authorization and required to sign a memorandum of understanding stating that they will conform to various regulations put in place. Better policies should also be legislated to make sure that identified loopholes in the operations of the information system are ironed out (DHS, 2004).


Aven, T. (2008) Risk Analysis: Assessing Uncertainties Beyond Expected Values and Probabilities. Hoboken, NJ: John Wiley & Sons.

Department of Homeland Security (2004) Privacy Impact Assessment: In Conjunction with the Interim Final Rule of August 31, 2004. Visitor and Immigration States Indicator Technology, September 14, 2004. Retrieved from

Homeland Security (2012) U.S.-Visit. Retrieved from

Johansson, J. (2007) Risk and Vulnerability Analysis of Large-scale Technical Infrastructure: Electrical Distribution Systems. Department of Industrial, Electrical Engineering and Automation, Lund University. Vol.1(2)

Lewis, T.G. (2006) Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation. Hoboken, NJ: John Wiley & Sons.

Zisa, L. (2011) Assessing the Risk Management Process in the Banking Industry: Risk Assessment Report -- A Case Study on HSBC. Santa Cruz, CA: GRIN Verlag. [END OF PREVIEW]

Four Different Ordering Options:

Which Option Should I Choose?

1.  Buy the full, 4-page paper:  $28.88


2.  Buy + remove from all search engines
(Google, Yahoo, Bing) for 30 days:  $38.88


3.  Access all 175,000+ papers:  $41.97/mo

(Already a member?  Click to download the paper!)


4.  Let us write a NEW paper for you!

Ask Us to Write a New Paper
Most popular!

Risk Management Explain the Difference Essay

Risk Assessment Report Assessment

Enhancing Systems Security in an Organization Term Paper

Risk Management Tools Term Paper

Top Cyber Security Risks Term Paper

View 681 other related papers  >>

Cite This Research Paper:

APA Format

Risk Management Risk and Vulnerability.  (2012, June 2).  Retrieved May 20, 2019, from

MLA Format

"Risk Management Risk and Vulnerability."  2 June 2012.  Web.  20 May 2019. <>.

Chicago Format

"Risk Management Risk and Vulnerability."  June 2, 2012.  Accessed May 20, 2019.