Introduction
The assessment of an organization's IT security risks is a crucial element of an effective security strategy. The risk assessment is also a valuable tool for justifying future expenditure by top management on the organization's security. A valid risk assessment protects the organization from potential security breaches and reduces the effects of such violations in case they occur. It is important to note that different methods can be used to perform an IT security risk assessment. Because of this diversity, the results of the assessment vary. The performance of a risk assessment is just one part of the entire risk management process (Stanton, Stam, Mastrangelo, & Jolton, 2005). Three steps are followed when performing an IT risk assessment. The first step is the identification of potential assets and the evaluation of their characteristics. Secondly, for every asset identified, a risk assessment is done to determine the potential risks and vulnerabilities that can put the asset under threat. Lastly, the designated risk is mitigated through transfer, elimination or acceptance of the risk. These three steps constitute a high-level procedure that is followed continuously in all risk assessment methods.
The critical area of interest is the discussion of the risk assessment, but risk evaluation and mitigation will also be touched on. Risk assessment in IT is the analysis of the critical issues that pose security threats to the hardware and software components of a system. Traditionally, risk assessment covered IT-related issues only, for instance, hardware failures, network problems, and computer uptime. However, the team doing the risk assessment did not keep a record of its assessment report for future use (Jones et al., 2001). A lot of work hence had to be done on the next assessment, and in the end, security gaps were left open for months at a time. Therefore, a standard procedure is essential for any team doing security risk analysis on any IT system.
The following hazards were identified, and their probability of occurrence was noted as well. IT security hazards can be internal or external factors that make the organization fail to reach the needed information and asset security objectives.
Natural calamities
These are naturally occurring phenomena beyond human control, and they pose serious security hazards to people's safety and their belongings. Blaikie (2014) stated that a disaster happens when risks meet vulnerabilities. Therefore, a methodology is needed to prevent, or rather minimize, losses due to natural disasters. The organization did not have security measures in place to guard against natural disasters, since it lacked installed extinguishers and fire alarms. This exposed the machines to more damage in case of fire, leading to higher losses for the organization.
System failure
Many organizations try to minimize the cost of machines and end up buying cheap computers that are a hazard in themselves. The devices utilized in this research were inferior, and therefore they were liable to fail at any time.
Lack of cloud-based servers
To reduce the cost of securing information, the organization kept backup servers in a specific locked room. These backup servers were vulnerable to external factors such as natural calamities (Pearson, 2013).
The assets that were at risk included the computers, the data stored in the machines and the backup servers (Stanton et al., 2005). The network was at risk of being stolen because the organization had not invested enough to secure the machines. Also, the computers were in danger of being damaged in case of natural disasters such as fires. Information was very vulnerable to loss due to the lack of cloud-based servers. The organization depended only on backup servers, which were themselves a risk to the organization's data backed up on them.
The organization's management had a direct influence on the IT systems security breaches that endangered the security of its information and its IT-related assets. This was the case because the measures it had put in place to secure its assets and knowledge in the IT systems did not reach the standards required to provide confidentiality of its data. Also, the assets were at risk of poor handling and misuse because there were no policies that defined the administration of these assets by its employees (Ng, Kankanhalli, & Xu, 2009). During the risk assessment, it was noted that the organization had not prepared for unforeseen threats to its IT assets and data because they were not insured against such perils.
Because the organization's IT security management had a significant impact on the security level of its assets and data, this paper provides recommendations to improve overall security and mitigate the risks, which would reduce the vulnerability of its assets and data to such threats. The core of all the suggestions is that there is a need for the management to invest more in protecting its data and assets (Stanton et al., 2005). This is because the administration is responsible for any security breaches, since it had not put enough measures in place to guarantee the protection of its assets and data from potential attacks, both internal and external.
References
Blaikie, P. M., Wisner, B., & Cannon, T. (2014). At Risk: Natural Hazards, People's Vulnerability and Disasters. Florence: Taylor and Francis.
Jones, W. D., Aud, S. J., Hudepohl, J. P., Flournory, M. L., Snipes, W. B., & Schutz, E. C. (2001). U.S. Patent No. 6,219,805. Washington, DC: U.S. Patent and Trademark Office.
Ng, B. Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users' computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815-825.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.
Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24(2), 124-133.
Cite this page
IT Security Risk Assessment Essay Example. (2022, Sep 11). Retrieved from https://proessays.net/essays/it-security-risk-assessment-essay-example