Managing Security Risks Paper Example

Paper Type:  Essay
Pages:  7
Wordcount:  1669 Words
Date:  2022-10-03


Today, the world is experiencing numerous challenges due to the changes happening in the security sector (Taylor, 2014). The question that authorities should be asking themselves is: what if the next decade comes with the destruction of their country's critical infrastructure? To offset these worries effectively, the authorities need to apply appropriate risk management strategies that help prevent an attack on these foundations. Cherdantseva et al. (2016) describe risk management as the process of assessing risks and economically applying resources to monitor and control the possibility and impacts of sudden attacks. For proper comprehension of the aspects of risk management, this paper explores security risk information changes, critical infrastructure ownership, and the roles of different stakeholders in controlling the threats.


Risk Information, Case Study, Input, and Output

Rinaldi and Kelly (2001) state that risk management is a complex process, beginning from the collection of information to the formulation of necessary implementation procedures. The steps include strategizing, operating, financing and complying. Application of these steps depends on the management team and the qualities of its leader (Gordeychik, Lavrentyev, & Doukhvalov, 2017). For example, to help prevent future attacks, a governor requires different information from what a facility manager requires, and the outputs of the two vary. Eyre (2015) explains how an administrator uses general information as opposed to the technical, scientific data of the facility manager. Such information includes why groups are engaging in crime, which infrastructure the group targets and which government department the attack harms most. A governor facilitates the formulation and implementation of laws against a security breach. He/she sets a strict regulatory enforcement framework that supplements the management process.

On the other hand, a facility manager needs more scientific and technical data in preventing and resolving security management issues (Lallo, Griscioli, Lospoto, Mostafaei, Pizzonia, & Rimondini, 2017). A facility manager needs data about the type of risks and the severity of the dangers, from which he/she selects the best methods of resolving and preventing further attacks. For example, if a building housing a business goes operational, the facility manager develops appropriate technical safeguards. The manager incorporates data from government sources like the Department of Homeland Security, from which he/she grades the infrastructure and determines if it is fit to resume operations or if it requires rehabilitation.

A classic example is the September 11 terrorist attacks in 2001 on the Twin Towers in the United States of America (USA). The offense is among the most significant acts of destruction on record resulting from poor information security risk management. Before the attack, the Central Intelligence Authority (CIA) discovers that Afghanistan owns their telecommunications network. This ownership gives Afghanistan access to the CIA and the American government's security information and secrets, putting the Authority at risk of cyber-controlled attacks. After the collapse, the building lacks signs of debris striking it from the outside, and the cleaning team finds no computers in the building.

As an administrator, a government develops regulatory approaches to address such incidents (Taylor, Fritsch, & Liederbach, 2014). The first step the US government takes is to direct attention towards the protection of critical infrastructures. The government forms the International Traffic in Arms Regulations (ITAR) and the Foreign Corrupt Practices Authority (FCPA), which ensure the investigation of all crimes against infrastructure and provide a framework for the arrest and prosecution of perpetrators. Also, the executive orders that companies that fail to perform proactive procedures to search for, disclose, and solve misconduct will carry the penalties in case a regulatory agency discovers it. Gordeychik (2017) postulates that through the sharing of safety information, it is easy to prevent crimes that information technology stimulates. The US government implements this by directing that companies and organizations share such information. Due to these government initiatives, programs, and legislation, the physical security and stability of critical infrastructure have improved.

Lee (2013) says that it is only through scientific and technical evaluation of an infrastructure that its suitability can be determined. After post-attack examination of the towers, technical data raises a question about the appropriateness of their design, and facility managers question their structural integrity. According to the managers, design engineers need to deliver products that withstand even the impact of plane crashes. Improvement in the engineering characteristics of infrastructure designs helps deliver secure projects.

Who Owns Risks in Critical Infrastructures and Cyber Risk

Rinaldi (2001) describes ownership of risk in two ways: who controls the infrastructure and who the society expects to receive protection from in case of. Regarding the former point of view, in every industry, not a single participant controls the entire industry. Therefore, experts never pin ownership of the risk of critical infrastructures on a particular group. However, private enterprises control the most significant fraction of the infrastructure economy. Due to this influence, the sector has partial ownership of the risks, both of critical infrastructure and the cyber world (Macaulay, 2016). Thus, it is the responsibility of the sector to ensure proper intra-organizational and inter-organizational conduct that facilitates infrastructural security.

In any nation, critical infrastructure acts as the backbone of the country's wealth and health (Lallo, Griscioli, Lospoto, Mostafaei, Pizzonia, & Rimondini, 2017). Due to the importance of the infrastructures to the wellness of a nation, governments assume the ownership of the threats that terror groups direct at such support. The government, however, concerns itself more with how to eliminate risks and prevent the destruction of the goods than with how to possess most of the property, as is the case with private industry. The government facilitates protection of the infrastructures.

Since ownership of the goods of any country touches all sectors, management of their risk becomes a responsibility of all stakeholders (Macaulay, 2016). The stakeholders include governments, industry partners, and non-government organizations. Despite the ownership, it is essential to practice partnerships and information sharing. This approach is the building block for preventing physical attacks and cyber-initiated attacks. The method also aids in the development of plans and exercises to address these risks. Because cyber threats increase year after year, national governments assume ownership of such attacks and formulate measures to contain the crimes. Different national departments spearhead the implementation of security risk management. For instance, the USA government designates the mandate to homeland security (Miron & Muita, 2014). Through such agencies, the government sets up different sectors depending on the expertise. For instance, the information and communication technology sector is responsible for a secure cyber world, and the health sector ensures safe and reliable health facilities. One of the responsibilities of the divisions is to report to homeland security about the safety of their environment and suggest any measures necessary to improve their security.

In the cyber world, the ownership varies with the of the siding industry, company, and the region. This variation results from the evolution of different roles with security and technological requirements. Stakeholders consider information technology the 'owner' of data, which is the only custodian of the applications, systems, and infrastructure. Security teams put proper controls on the data and handle the threats aimed at it. In the industry, people, process and procedural elements are as vital as the technology put in place, with the evolution of the former differing only to suit the scope of the particular implementation (Cherdantseva, 2017).

Roles of Stakeholders in Critical Infrastructure

A nation's wealth and security rely on the manufacture and supply of critical products. For their effective management, stakeholders play specific roles depending on the nature of the business they run (Lee, 2015). Governments facilitate legislation and enforcement of laws that help reduce the attacks on the products. The government promotes law enforcement agencies to the private sectors and facilitates investigating, arresting and prosecuting crime perpetrators. Also, the government issues executive orders and directives that help prevent the attacks. In 2015, due to an increase in technology-related crimes, USA president Barack Obama signed a law that establishes standards in regard to cybersecurity. The order's effect was to allow companies to share classified threat information.

The government also partners with the private sector to advance cybersecurity (Von Solms & Van, 2013). In his work, Macaulay (2016) says that good cybersecurity management involves communication across the user community. Companies implement this by sharing information about imminent attacks. With this tactic, companies keep their systems safe without putting vast quantities of personal data on clients over the absence of government due process (Lallo, Griscioli, Lospoto, Mostafaei, Pizzonia, & Rimondini, 2017). The companies also implement rigorous compliance programs and voluntarily disclose and remediate any failures that occur through their systems.

The academic class also plays a critical role in protecting the infrastructures. The concepts of effective protection develop after academia's examination of the causes and trends of such attacks. The class predicts the possibility of imminent attacks and suggests scientific approaches necessary to prevent the attacks. The class also facilitates scientific and technological transfers to the younger generation (Taylor, Fritsch, & Liederbach, 2014). This transfer sustains the protection of critical infrastructures.

Gordeychik et al. (2017) agree that the protection of a nation's critical infrastructure fails if the state sidelines non-governmental organizations. For example, organizations like Transparent Hands Foundation and Lutheran Services in America engage huge populations within and beyond borders. Their incorporation helps spread the efforts of infrastructural protection. Since these platforms rely on the internet as their main store and supply of information, the organizations take precautions against infrastructural attacks, mainly cyber-attacks. Non-governmental organizations ensure members participate in the placement of security policies and have an understanding of the tactics and methods of cybercriminal associations (Von & Van, 2013).


From the discussion, security risk management is an essential factor and topic to be familiar with in the computer science spectrum. Understanding the concepts of security risk management helps stakeholders to play their roles effectively. The two types, internal and external security risks, require different approaches for their effective management. Depending on the stakeholder with intent to manage the risk, the process would need different input and produce varied output. The study confirms the need for collective ownership of critical infrastructure, with national government, industries, academia and individuals playing a part in protecting the resources. Employment of technology would help avert the attacks that are facilitated using cyber means.


Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K...

Cite this page

Managing Security Risks Paper Example. (2022, Oct 03). Retrieved from


If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
