¶ … Management of Risk
Mitigating Risk
Actually, there are a number of different ways that one can answer the interrogative from the CEO about whether risk elimination is possible. Those different approaches involve everything from the philosophical to the pragmatic. However, since it is a CEO that will receive this answer, it is probably more advisable to issue an answer from the latter branch of thought, while merely alluding to some of the tenets of the former. Risk always exists because of the nature of the world, which in itself is unpredictable and offers no guarantees. To that end, the most vigilant organizations are able to mitigate risk and reduce the likelihood of any disadvantageous occurrences. It is virtually impossible to outright eradicate any possibility of risk, particularly when considering various information technology systems associated with data management and computer networking, for the simple fact that new threats and new possibilities of failure emerge every day. As such, organizations can assess and plan carefully for risk and detail a number of different methods for decreasing the likelihood of disaster occurring. Yet they cannot abrogate all possibilities for negative occurrences impacting their IT systems because nothing is ever guaranteed in life or in IT.
Additionally, there is an inherent human element to risk that helps to maintain its prevalence, despite the fact that organizations can substantially reduce it. Most IT systems still rely on people for certain applications and processes -- people are unpredictable by nature. The most secure organizations in the world can have one of its key employees decide to expose aspects of its IT systems (as the Edward Snowden example demonstrates) (Louis, 2014). People bring a degree of unpredictability to IT that helps to create a situation in which risk is almost always prevalent. Additionally, technology by nature is fallible, simply because it was engendered by man.
Incident Handling
Incident handling largely revolves about risk management. It encompasses risk management and takes it a step or two further in which there is actually action implemented. The risk management process, in this respect, helps to set up and facilitate the means of incident handling. It is critical for the enterprise to have a means of handling incidents in such a way that actuates various elements of risk management. Therefore, it is critical to create a risk management process that is sustainable and able to be repeated, so that incidents can get handled effectively and in such a way that further incidents will not occur.
You’re 67% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.