Risk Management Process
An organisation always has some vulnerabilities. Because of this, there will always be some risk
to the organisation. If these risks are ignored or remain unresolved, the organisation can suffer
huge losses. To handle this, there is a process known as the Risk Management Process (the
process of managing risks to organisational operations, organisational assets or individuals
resulting from the operation of an information system).
The risk management process mainly involves five stages, which are as follows:
1. To establish the context.
2. To assess the risk.
3. To treat the risk.
4. To communicate with and consult the experts.
5. To monitor and review the risks.
Elaboration of the Stages of Risk Management
1. To establish the context
Establishing the context is necessary to ensure an effective risk management process. The scope
of the process should be decided according to the organisational goals. The risk criteria must be
consistent with the risk management policy. When defining the risk criteria, the factors to be
considered should include the nature and type of the consequences that can occur and their
causes.
2. To assess the risk
Risk assessment describes the overall process, or the steps, by which we identify the risk,
analyse it and evaluate it. In other words, it looks at the damage that has occurred to the
system and shows how to control such damage or prevent it from occurring again.
a) Risk Identification - To find, list and describe the risk.
b) Risk Analysis - To understand the background of the risk and to describe it.
c) Risk Evaluation - To compare the identified risk with an estimated risk level in order to
judge the importance of the risk.
3. To treat the risk
In this stage, the risk is treated by taking appropriate measures and seeing what changes can
be made to reduce or eliminate it. Treatment can include avoiding the risk, transferring the
risk based on its impact and probability, reducing the risk, or accepting risks which have very
low impact and probability.
4. To communicate and consult
In this stage, an individual or an organisation communicates with consultants so that they can
share their ideas and views about a particular process and discuss it. Companies and
organisations communicate with the experts to get updates about any misjudgement in the risk
management process.
5. To monitor and review
This is the last stage of the process. Monitoring and reviewing are similar, but the difference
between the two is that monitoring is a regular process of analysing, while reviewing is done
mainly at the end of the process or one process at a time. This stage is mainly carried out to
ensure that the risk management process is running smoothly.
By keeping these stages in mind, a cyber security program can be designed and implemented in
an organisation or a company in the following ways:
Implementations to design a cyber security program in an organisation
- The reputation of the company depends on the security of the system. The first priority
  must be given to creating a proper security plan for managing the risks and threats to the
  system.
- I will go through the company's previous security systems and check what the problems were
  because of which those security systems failed.
- After checking the previous security systems, I will check the current security system and
  see what its vulnerabilities are.
- I will also make certain policies and protocols for this system which must be followed by my
  colleagues and staff members.
- The ideas of my colleagues will also be taken into consideration, which will help to improve
  the security system.
- Once I have considered all the threats and vulnerabilities that can affect the system, I will
  look for the best security solutions such as antivirus software, firewalls, strong passwords,
  etc.
- Finally, I will keep reviewing, frequently, the steps and measures that I have taken for the
  system.
These are my implementations for designing a cyber security program, and with their help I can
ensure the safety of the system and the organisation.
| Sr. No. | Item | Asset value of one item (Rs) | Number of items | Total asset value (Rs) | Exposure factor (probability of occurrence) | SLE (Rs) | Rate of occurrence of faults | ARO | ALE (Rs) |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Servers | 10,00,000 | 31 | 1,60,00,000 | 1 in 35 | 4,57,142.86 | 4 servers in three months | 1 | 4,57,142.86 |
| 2 | Operating system cost | 10,00,000 | 1 | 10,00,000 | 1 in 40 | 28,571.43 | Once in six months | 2 | 57,142.86 |
| 3 | Application software | 15,00,000 | 3 | 45,00,000 | 0.2 | 9,00,000 | Once a month | 12 | 1,08,00,000 |
| 4 | Network devices | - | - | 20,00,000 | 0.2 | 4,00,000 | Once every six months | 2 | 8,00,000 |
| 5 | Security devices | - | - | 25,00,000 | 0.2 | 5,00,000 | Twice a month | 24 | 1,20,00,000 |
| 6 | Power generating equipment | 12,00,000 | 2 | 24,00,000 | 0.05 | 1,20,000 | Once a year | 1 | 1,20,000 |
| 7 | Non-IT assets (like furniture, etc.) | - | - | 5,00,000 | 0.05 | 25,000 | Once in five years | 0.2 | 0 |
| | Total ALE | | | | | | | | Rs. 2,42,34,285.7 |

Recommendations:

| Sr. No. | Recommendation |
|---|---|
| 1 | Reduce (Low Impact \ High Probability) |
| 2 | Reduce (Low Impact \ High Probability) |
| 3 | Avoid (High Impact \ High Probability) |
| 4 | Avoid (High Impact \ High Probability) |
| 5 | Avoid (High Impact \ High Probability) |
| 6 | Reduce (Low Impact \ High Probability) |
| 7 | Non-IT Asset |
Apart from that, the data centre has to be protected against floods and theft. A flood can
damage the entire data centre and theft can lead to losses of Rs.10,000. In Pune, the
probability of flood is once in 50 years and that of theft is 0.001.
| | Flood | Theft |
|---|---|---|
| SLE | 4,39,00,000 | 10,00,000 |
| ARO | 0.02 | 0.001 |
| ALE | 8,78,000 | 1,000 |

Total = 8,79,000
| Total ALE | 2,42,34,285.7 |
|---|---|
| ALE due to flood and theft | 8,79,000 |
| Grand total | Rs. 2,51,14,286 |
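As an added example (not part of the assignment above), the SLE/ARO/ALE arithmetic behind these tables in Python, using the tables' own inputs: the exposure and rate-of-occurrence words are converted to numbers (1 in 35 is EF 1/35, twice a month is ARO 24, once in 50 years is ARO 0.02), and reconcile() returns any row whose recorded ALE is not SLE x ARO, which is the check a reviewer runs before accepting a risk table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float      # total asset value in Rs
    exposure_factor: float  # EF: fraction of the value lost per incident
    aro: float              # ARO: expected incidents per year

    @property
    def sle(self) -> float:  # Single Loss Expectancy = asset value x EF
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:  # Annualised Loss Expectancy = SLE x ARO
        return self.sle * self.aro

def fmt_inr(amount: float) -> str:
    """Indian digit grouping as used in the tables, e.g. 1,08,00,000.00."""
    whole, frac = f"{abs(amount):.2f}".split(".")
    head, tail, groups = whole[:-3], whole[-3:], []
    while len(head) > 2:          # after the last three digits, group by two
        groups.insert(0, head[-2:])
        head = head[:-2]
    if head:
        groups.insert(0, head)
    return ("-" if amount < 0 else "") + ",".join(groups + [tail]) + "." + frac

# Rows taken from the tables above; EF and ARO converted to plain numbers.
RISKS = [
    Risk("Servers", 1_60_00_000, 1 / 35, 1),
    Risk("Operating system", 10_00_000, 1 / 40, 2),
    Risk("Application software", 45_00_000, 0.2, 12),
    Risk("Network devices", 20_00_000, 0.2, 2),
    Risk("Security devices", 25_00_000, 0.2, 24),
    Risk("Power generating equipment", 24_00_000, 0.05, 1),
    Risk("Non-IT assets", 5_00_000, 0.05, 0.2),
    # Site-wide risks expose the whole data centre value (EF = 1).
    Risk("Flood", 4_39_00_000, 1.0, 1 / 50),
    Risk("Theft", 10_00_000, 1.0, 0.001),
]

def total_ale(risks=RISKS) -> float:
    return sum(r.ale for r in risks)

def reconcile(risks, recorded: dict) -> list:
    """Rows whose recorded ALE is not SLE x ARO: (asset, computed, recorded)."""
    return [(r.asset, round(r.ale, 2), recorded[r.asset]) for r in risks
            if r.asset in recorded and abs(r.ale - recorded[r.asset]) > 0.01]
```

fmt_inr(total_ale(RISKS[:7])) reproduces the Total ALE line from the formulas alone; passing a dict of the recorded ALE figures to reconcile() lists the rows whose table entry does not follow from SLE x ARO.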