Accounting for Contingency Plans

¶ … Management of Risk Mitigating Risk Actually, there are a number of different ways that one can answer the interrogative from the CEO about whether risk elimination is possible. Those different approaches involve everything from the philosophical to the pragmatic. However, since it is a CEO that will receive this answer, it is probably more advisable to issue an answer from the latter branch of thought, while merely alluding to some of the tenets of the former.

Risk always exists because of the nature of the world, which in itself is unpredictable and offers no guarantees. To that end, the most vigilant organizations are able to mitigate risk and reduce the likelihood of any disadvantageous occurrences. It is virtually impossible to outright eradicate any possibility of risk, particularly when considering various information technology systems associated with data management and computer networking, for the simple fact that new threats and new possibilities of failure emerge every day.

As such, organizations can assess and plan carefully for risk and detail a number of different methods for decreasing the likelihood of disaster occurring. Yet they cannot abrogate all possibilities for negative occurrences impacting their IT systems because nothing is ever guaranteed in life or in IT. Additionally, there is an inherent human element to risk that helps to maintain its prevalence, despite the fact that organizations can substantially reduce it. Most IT systems still rely on people for certain applications and processes -- people are unpredictable by nature.

The most secure organizations in the world can have one of its key employees decide to expose aspects of its IT systems (as the Edward Snowden example demonstrates) (Louis, 2014). People bring a degree of unpredictability to IT that helps to create a situation in which risk is almost always prevalent. Additionally, technology by nature is fallible, simply because it was engendered by man. Incident Handling Incident handling largely revolves about risk management.

It encompasses risk management and takes it a step or two further in which there is actually action implemented. The risk management process, in this respect, helps to set up and facilitate the means of incident handling. It is critical for the enterprise to have a means of handling incidents in such a way that actuates various elements of risk management.

Therefore, it is critical to create a risk management process that is sustainable and able to be repeated, so that incidents can get handled effectively and in such a way that further incidents will not occur. Thus, detailing the process of incident handling begins with an overview of the risk management process. The initial point of consideration for risk management is to identify various points of vulnerabilities (Jutte, 2014). Such vulnerabilities typically encompass aspects of situations that are both external and internal to the enterprise.

Moreover, once those vulnerabilities are targeted, it is critical to induce safety measures to reduce the sort of risk that those vulnerabilities create. Ideally, one wants to implement security measures that all but eliminate the risk of specific vulnerabilities. However, it is then necessary to go a step further and determine recourses that are applicable in.