Introduction
Critical infrastructures can be defined as networks, IT equipment', physical assets, information or data, and systems that are considered sensitive and significant to the United States, and if they are accessed by the wrong people or destroyed could cause great impacts or weaken the state's financial, or physical security, safety, public wellbeing, and the effective functioning of the state Administrations or institutions (Yan & IGI Global, 2010). Therefore, the mission of the critical infrastructure is to strengthen the entire American and United States society. However, in the recent years, it has become very challenging for the state to protect its critical infrastructures from cybercriminals and attacks due to the developing and advancing of technologies, lack of qualified personnel's to work in the cybersecurity field and the evolving cyberattacks. If the government's sensitive data is hacked, the information can be used to take down the Americans system or take over some functions of the United States, which can result in significant problems that would affect the people's lives and the American society.
Recommendations
For the United States government at all levels to help prevent cyber threats, they should take all measures to harden its systems and implement security actions or policies that can be used to protect its systems from being hacked or accessed by people with wrong intentions that can cause harm to the American people. Therefore, the United States government should put up strong tools, policies, and features in their system that can help prevent cybersecurity and to alleviate the perceived cyber risks and vulnerabilities facing the critical infrastructure. The government should also employ professions, improve their security technologies in the systems and hire best practices to help prevent data breaching and reduce the dangers that the critical infrastructures systems may be facing.
The Tiers of Risk Management
Different organizations have various approaches in which they provide risk management strategies within the organization. Organizations use different methods to identify and review the possible risks that they are likely to experience, which help them to identify and plan for the steps to take to protect the people concerned or involved and the organization at large. Therefore, risk management is an activity that involves the integrated into every aspect of the organization which are; the organization level, the information system level, and mission and business process level (Durst & Henschel, 2020). Therefore, there are three tiers of risk management since one person cannot be able to prevent and control the risks for the entire organization, and the overall risk management process influences and affect different part of the business.
Tier 1: The Organization or Governance Level
The risk management in this level focuses on the overall functioning and operations of the business. In this strategy, the management can identify how the entire business functions or works. Therefore, this tear addresses risks from a general organization perspective.
Tier 2: Mission or Business Process Level
In this strategy, the organization is focused on the specific function within the business or business process, practice, unit or area which is mainly guided by the risk management in tear 1
Tier 3: Information Systems or Environment of Operations
This level of risk management is concerned on all the information systems of the organization and individual systems that may be found within the business, which is greatly impacted by tier 1 and 2.
The Risk Management Process
For an organization or business to run smoothly and effectively, the management must be able to put into action a systematic risk management process (Shoemaker & Sigler, 2014). The risk management process involves the following;
Identify the Risk
The management should be able to identify and describe risks that might affect the business or projects outcomes
Analyze the risk
Once the risks are identified, the management should be able to determine and understand the nature and consequences of each risk and how each risk can affect the objectives and goals of the organization or project.
Evaluate the Risk
After identifying and analyzing the risks, the management and the team should be able to evaluate the risks based on its magnitude and effects on the project.
Mitigate or Deal with the Risk
One the management has discovered, analyzed, evaluate the risks they should come up with the methods or ways to deal with each risk and its consequences.
Monitor and Review the risk
After the entire process of identifying, analyzing, evaluating, and deal with each risk, the management should be able to monitor the risks and review the consequences and effects of e risks and ensure that the does not happen in the future if the risk can cause harm to the organization.
Ways to Respond to Risk
The response to different risks depends on the type of risk, impacts of the risks to the business, and the organization's attitude to the risk (Shoemaker & Sigler, 2014). In today's developing world, most businesses and companies are experiencing a different kind of threats, particularly in the IT and information management as the operations and digitization continue to grow. Organizations are vulnerable to risks such as cybersecurity which involves data leakage, data theft, system hacking and denial of services, and corporate sabotage. However, there are different ways that organizations can use to respond to such risks which include;
Accepting the Risk
An organization or a business may accept the risk if it does not harm the business and the cost of eliminating it is too high.
Transfer the Risk
A business or an organization may decide to transfer the risk through the insurance if they are not able to manage it.
Reduce the Risk
The management can help reduce the risks by implementing a safety measure to prevent the risks
Eliminate the Risk
Finally, a business or an organization may decide to eliminate risk if it can cause harm to the business by changing their operations.
The Federal Information Security Management Act (FISMA)
FISMA is legislation passed in the United States, in 2002, to help prevent, reduce, and protect the federal government information or data, assets, and operations from security risks (Gantz & Philpott, 2013). The act established a set of security and guidelines standards that state organizations and agencies have to meet (Gidiere, & American Bar Association, 2006). For example, the head of each agency and program officials, to perform yearly assessments of data security programs, with the aim to reduce risks at or below acceptable levels in an efficient, cost-effective, and timely way.
The IT Security Law
Despite the great efforts for the congress trial to pass an updated IT Security Law, they have not succeeded due to various reasons. One of the reasons why it has become so challenging for us to pass an updated IT security Law is that the federal government and the private sector do not agree on what kind of liabilities are appropriate to be passed into cybersecurity law. Another reason is that both the private sector and federal government fear that one party might exploit the other and some will be given less right than the other once the updated IT security Law is passed into law. Also, it is challenging to pass the updated IT security Law because due to the fast-growing world and technologies, there have been new threats and vulnerabilities emerging. Therefore, security risks keep changing and increasing. As a result, these updated IT security Law needs to be improved and increased in different fields.
References
Durst, S., & Henschel, T. (2020). Knowledge Risk Management: From Theory to Praxis. Available at: Cham Springer International Publishing 2020. http://www.worldcat.org/oclc/1139759009
Gantz, S. D., & Philpott, D. R. (2013). FISMA and the Risk Management Framework [Recurso electronico]: The New Practice of Federal Cyber Security. Available at: Estados Unidos, Syngress. http://www.worldcat.org/oclc/1045661515
Gidiere, P. S., & American Bar Association. (2006). The Federal Information Manual: How the Government Collects, Manages, and Discloses Information Under FOIA and other Statutes. Available at: Chicago, Ill, ABA Section of Environment Energy and Resources. http://www.worldcat.org/oclc/1037780657.
Shoemaker, D., & Sigler, K. (2014). Cybersecurity: Engineering a Secure Information Technology Organization. Available at: Australia, Delmar. http://www.worldcat.org/oclc/1064646773
Yan, Z., & IGI Global. (2010). Trust Modeling and Management in Digital Environments: From Social Concept to System Development. Available at: Hershey, Information Science Reference. http://www.worldcat.org/oclc/556968804.
Cite this page
Paper Example on on Protecting Critical Infrastructure: A National Priority. (2023, Jun 19). Retrieved from https://proessays.net/essays/paper-example-on-protecting-critical-infrastructure-a-national-priority
If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
- Course Work on Risk Management and Organizational Change
- Pilot Union Reject Tentative Pact with American Airlines: Article Analysis Essay
- Paper Example on Evidence-Based Practice in Clinical Decision Making
- Nurse Leadership Styles in Promoting Electronic Medication System
- Essay Sample on Contingency and Situation Theories of Leadership
- Banker's Acceptance - Essay Sample
- Essay Example on Johnson and Johnson's Pharmaceuticals