Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Once the company has decided to accept and mitigate the risk, it has several solutions to managing the risk. Steve Elky at the SANS Institute points out that there are at least five methods for risk management, namely the NIST methodology (National Institute of Standards and Technology), the OCTAVE methodology, the FRAP methodology, the COBRA methodology and the Risk Watch methodology. The challenge at this level is for the economic agent to identify those precise methodologies which best respond to their specific needs.
In the context of the medium sized company with 500 user enterprise architecture, the recommendation for usage is represented by a combination of three independent tools. Taken separately, each of the risk control tools has its own advantages and disadvantages. Nevertheless, through their combination, the company would become better able to serve its specific needs through the maximization of the advantages of the three methods and the minimization of their shortages. The three methods are the NIST methodology, the COBIT 5 method and risk watch.
The NIST methodology has the primary advantage of being technical and supervising technical process based on standards and rules imposed by the industry. This method is to be applied through nine specific steps, as follows: (1) the characterization of the system; (2) the identification of the threats; (3) the identification of the vulnerabilities; (4) the analysis of the control; (5) the determination of the likelihood; (6) the analysis of the impact; (7) the determination of the risk; (8) the formulation of control recommendations and last, (9) the documentation of the results (Elky, 2006).
Then, the COBIT 5 method is selected due to its ability to serve the business needs of the medium sized enterprise. Specifically,...
The COBIT 5 is as such recommended as it is the only risk management tool designed for IT components, but based on a business framework (ISACA).
Last, the third component of the risk management mechanisms proposed for the medium sized enterprise is represented by Risk Watch, which is a tool to be integrated in various control mechanisms in a recurrent and constant manner.
"Risk Watch is another tool that uses an expert knowledge database to walk the user through a risk assessment and provide reports on compliance as well as advice on managing the risks. Risk Watch includes statistical information to support quantitative risk assessment, allowing the user to show ROI for various strategies" (Elky, 2006).
All in all, risk management among IT structures is complex and the academic community has yet to devise a universally accepted method of control. In such a setting, it is recommended for each institution to devise its own control mechanisms, based on their own needs and particularities.
References:
Collier, P.M., Agyei-Ampomah, S., 2009, CIMA official learning system performance strategy, 6th edition, Elsevier
DuBrin, A.J., 2011, Essentials of management, Cengage Learning
Elky, S., 2006, An introduction to information system risk management, SANS Institute, http://www.sans.org/reading_room/whitepapers/auditing/introduction-information-system-risk-management_1204 last accessed on July 10, 2012
Cobit 5: a business framework for the governance and management of enterprise IT, ISACA http://www.isaca.org/COBIT/Pages/default.aspx last accessed on July 10, 2012
Risk Management The objective of this study is to discuss the role and nature of organizational risk management in justice and security organizations and why it is so important. The following will be addressed in the assessment; (1) risk planning and resource identification; (2) management of risk in justice and security organizations; (3) costs associated in managing risk; (4) consequences of failing to manage risk; and benefits; and (5) benefits a
Risk Management in Hedge Funds A research of how dissimilar hedge fund managers identify and achieve risk The most vital lesson in expressions of Hedge Fund Management comes from the inadequate name of this kind of alternative investment that is an alternative: The notion that all methodical risks are differentiated away is not really applicable here, with the Hedge Fund returns, in realism, representing a mixture of superior administration of market
Risk Management Project management is a practical and academic field of growing importance as deadlines in the business world grow ever more rushed and profit margins grow ever slimmer. The need to maintain tight efficiency and cost control over all elements of a project is quite strong and growing stronger as competition in most industries grows more fierce, and this is exactly why project management is so increasingly useful. It is
(Smith, 2003) Checking twice, or more than twice may be less important than securing a diversity of views in such an arena. (Smith, 2003) The ability adequately communicate risk levels amongst providers can become difficult. Also, hasty words can create a misperception in the minds of patients, if a doctor speaks too casually. "Science cannot prove a negative, but, where their children are concerned, parents want to be assured that
Risk Management Financial derivatives are an innovation in the field of finance that enable us to understand, measure and manage our financial risks. The definition of financial derivative according to the textbooks is of a financial instrument, and the value of any financial derivative is based on the value or values of the underlying securities or groups of securities that constitute the derivative. It can be said that there have been
The SMART-Ra solution is characterized by the following: The formal assessment of the risks through the employment of the ISO 27005 standards and the OCTAVE techniques The systematic assessment of the risk through the PDCA model (plan, do, check, act) The automated risk assessment through the Fast Ra feature, which "provides fully automated risk assessment with a built in database of standard assets, threats, vulnerabilities and controls" (Website of SMART-RA) The creation of